How Network Tokens Can Power Agentic Commerce

Don’t ask something you should already know. If a customer already told you their name, and trusted you with their credit card information, why keep asking for it?
Whatever the reason, that principle is why network tokens are set to play an important role in agentic commerce. Because no two systems are alike, how a Basis Theory customer decides to use network tokens depends entirely on their specific payment flows.
Let’s jump in.
What is a network token?
A network token is issued by a card network and tied to a specific device or merchant. It replaces the Primary Account Number (PAN), which is a security and efficiency enhancement for digital payments: rather than using the PAN for a transaction, a randomly generated number (the token) is used.
Network tokens are designed to be out of PCI scope, making them safer to store on internal systems. A cryptogram is a transaction-specific security code generated by the issuer for a network token. You need to generate this cryptographic proof for a one-time purchase or when setting up a recurring transaction. Cryptograms help validate a transaction request.
Network tokens were designed for merchant-initiated transaction (MIT) flows, and can auto-update card information after expiration or reissuance, ensuring that card-on-file services continue without interruption. Because the network token is provisioned by the network and tied to a specific merchant, fraud becomes less likely to occur, resulting in higher authorization rates. Customer-initiated transaction (CIT) flows can involve network tokens if the user can handle the latency of retrieving the cryptogram and going through what is similar to a 3DS flow.
This video about network tokens from 2019 still resonates today!
Types of Network Tokens
Identifying a network token starts with the TRID. The TRID (Token Requestor ID) is what identifies the merchant to the network issuing the network token, and ensures that the network token is valid for that merchant alone. Each payment network will issue its own TRID to the merchant, and some work is involved in managing the growing corpus of TRIDs that will be used for payments.
Although the TRID is unique to the merchant, it can be requested on behalf of the merchant by a PSP. The first three of the eleven digits generally identify the entity that made the request.
There are different kinds of TRID representing two types of network tokens:
- Network tokens that come from a wallet, such as Apple Pay or Google Pay.
- Network tokens that come from a credit card network, like Visa Intelligent Commerce, Discover Global Network, or Mastercard Agent Pay.
The newest type of network token requires verification, essentially a two-factor authentication or 3DS-style flow. Once this is completed, the virtual card network tokens become accessible. This type of network token can be injected into form fields and acts more like a PAN than an actual network token.
If an e-commerce merchant receives a PAN from a customer, it can be turned into a network token for that merchant. If that same e-commerce merchant receives a network token from a different customer that was intended for a separate merchant, the token could be reverted into the PAN and processed by the processor—but this would then bring the merchant into PCI scope.
The other type of network token comes from Apple Pay and Google Pay wallets. When a PAN is entered into an Apple or Google Wallet, a network token is generated and processed at the store where it is being used. This network token is specific to the wallet, not any single merchant.
Customers can choose which merchants can access their MPAN (merchant primary account number). A processor can process either the PAN or the network token.
Network Token Use Case
Agentic commerce is a perfect network token use case, because some sort of authentication is required by default. Consider adding a payment method to a search engine like ChatGPT or Gemini. This information needs to be captured, secured, verified, and used in a timely manner. However, unlike a user, an agent doesn’t care if it must wait a few seconds.
This type of provisioning is what makes network tokens so appealing for agentic commerce. Before any agent has the ability to transact on your behalf, much of the verification for enabling agentic commerce is being moved into the hands of the card networks. Networks won’t provision tokens to merchants with fraudulent flags, injecting a security check into the payment flow.
Once verified, credentials are generated that allow an agent to buy something on the user’s behalf. Those credentials can be scoped down to the exact amount they can be used for, the merchant category code (MCC), time, etc.
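The scoping described above, sketched as an added example (not Basis Theory's or any card network's code): a check that a purchase request stays inside a credential's merchant binding (TRID), amount, MCC and time window, and that its cryptogram has not been used before. The `AgentCredential` fields, the `check_authorization` function and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from decimal import Decimal

@dataclass
class AgentCredential:
    """Hypothetical scoped credential; field names are assumptions, not a network schema."""
    token: str                # network token standing in for the PAN
    trid: str                 # 11-digit Token Requestor ID the token is bound to
    max_amount: Decimal
    currency: str
    allowed_mccs: frozenset
    not_before: datetime
    not_after: datetime
    used_cryptograms: set = field(default_factory=set)

def check_authorization(cred, *, trid, amount, currency, mcc, cryptogram, now):
    """Return the list of scope violations; an empty list means the request is in scope."""
    problems = []
    if trid != cred.trid:
        problems.append("token presented by a different token requestor")
    if currency != cred.currency or not (Decimal("0") < amount <= cred.max_amount):
        problems.append("amount outside scope")
    if mcc not in cred.allowed_mccs:
        problems.append("MCC not allowed")
    if not (cred.not_before <= now <= cred.not_after):
        problems.append("outside validity window")
    if not cryptogram or cryptogram in cred.used_cryptograms:
        problems.append("cryptogram missing or replayed")
    if not problems:
        cred.used_cryptograms.add(cryptogram)  # one cryptogram, one transaction
    return problems

# Constructed sample values: not a real token, TRID or cryptogram.
NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)

def sample_credential():
    return AgentCredential(
        token="tok_constructed_0001", trid="40012345678",
        max_amount=Decimal("75.00"), currency="USD",
        allowed_mccs=frozenset({"5411", "5812"}),
        not_before=datetime(2025, 1, 1, tzinfo=timezone.utc),
        not_after=datetime(2025, 1, 2, tzinfo=timezone.utc))

if __name__ == "__main__":
    cred = sample_credential()
    req = dict(trid="40012345678", amount=Decimal("42.10"), currency="USD",
               mcc="5411", cryptogram="CRYPTO-1", now=NOW)
    print(check_authorization(cred, **req))  # first use
    print(check_authorization(cred, **req))  # same cryptogram again
```

A rejected request does not consume its cryptogram here; a stricter policy would burn it on any attempt.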
Other network token use cases are:
- Stablecoins: If you are just using stablecoins, there’s no network and a true closed loop payment system exists.
- Gift Cards: Large merchants such as Target and Amazon that can enable automatic purchases and recurring payments.
- Side-by-Side Tokens: Related to debit cards and least cost routing. If you get a network token for a debit card, you can use that token to route the transaction to the debit card network (back-of-card networks like PULSE and STAR).
Getting Started with Network Tokens
Basis Theory is solving the hard problem of having an agent do the research within the product catalog and actually find the right item, before making the final purchasing decision on behalf of the user. These types of agents want to interact with an API. It’s much easier to imagine flows where the user gives a final approval.
The Agentic Commerce Consortium published a roadmap for merchants to use for getting started with implementing the underlying infrastructure.
But it starts with closed loop systems, and the experience is copied and adopted in other industries. That’s what Basis Theory is doing today with BasisTheory.AI and our agentic commerce solutions. Get started with network tokens by following the documentation from our engineering team.