
    What is payment network tokenization?

    Payment network tokenization

    Payment network tokenization is a process of replacing sensitive payment information, such as a credit card number, with a unique identifier or token that can be used for payment transactions. The tokenization process creates a random string of characters that represents the actual payment information, which is stored in a secure token vault. The token can then be used to process payments, without exposing the actual card information to potential attackers or fraudsters.

    Tokenization is used to secure online, in-app, and mobile payments, where sensitive payment data is transmitted across multiple devices and networks. By tokenizing payment data, merchants and payment processors can reduce the risk of data breaches and protect sensitive customer information.

    When tokenization is used within a payment network, it is typically managed by the actual payment network, such as Visa or Mastercard, which issues the tokens and maps them to the original payment information. Merchants and payment processors can then use these tokens to process payments without storing sensitive payment data on their systems.

    What are some benefits of payment network tokenization?

    The most important benefit of payment network tokenization is an increased likelihood of transactions being successfully processed. When using payment network tokens, vendors are not providing the 16-digit PAN from a card, but merely a token representing the cardholder’s account. As a result, if the card is replaced, the token will still be valid, while the digits from the original card will not. In addition, interchange rates are generally 10 basis points lower for the transaction, as it is safer, and some payment networks will accept larger charges submitted against a token than against a PAN.

    From a security perspective, payment network tokenization substantially reduces the risk of data leakage, as decryptable PII and CHD are transmitted only between the card network and the consumer’s bank.
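
    The card-replacement behaviour described above, as an added example that is not from the original page or from any card network's API: a simplified in-memory model in which the class, method names, account id and test PANs are all assumptions made for illustration.

```python
import secrets


class NetworkTokenVault:
    """Toy stand-in for the card network's token vault (hypothetical API)."""

    def __init__(self):
        self._account_for_token = {}  # token -> account id
        self._pan_for_account = {}    # account id -> PAN currently on the card

    def enroll(self, account_id, pan):
        """Record the card and hand back a token for the merchant to store."""
        self._pan_for_account[account_id] = pan
        token = "tok_" + secrets.token_hex(12)  # random, not derived from the PAN
        self._account_for_token[token] = account_id
        return token

    def replace_card(self, account_id, new_pan):
        """Issuer reissues the card: only the vault's mapping changes."""
        self._pan_for_account[account_id] = new_pan

    def authorize_token(self, token):
        """A token is good while it maps to an account with a live card."""
        account_id = self._account_for_token.get(token)
        return account_id in self._pan_for_account

    def authorize_pan(self, pan):
        """A raw PAN is good only while it is the number on a live card."""
        return pan in self._pan_for_account.values()


def card_replacement_demo():
    vault = NetworkTokenVault()
    old_pan, new_pan = "4111111111111111", "4242424242424242"  # constructed test PANs
    token = vault.enroll("acct-1", old_pan)
    merchant_db = {"customer-42": token}  # all the merchant keeps on file

    token_ok_before = vault.authorize_token(merchant_db["customer-42"])
    vault.replace_card("acct-1", new_pan)
    return {
        "token_ok_before": token_ok_before,
        "token_ok_after": vault.authorize_token(merchant_db["customer-42"]),
        "old_pan_ok_after": vault.authorize_pan(old_pan),
        "merchant_stores_pan": bool({old_pan, new_pan} & set(merchant_db.values())),
    }


if __name__ == "__main__":
    print(card_replacement_demo())
```

    The merchant's record never changes across the reissue; a merchant that had stored the original PAN instead would start seeing declines at that point.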

    What are some challenges of payment network tokenization?

    As is common with many desirable capabilities in the payments field, Payment Service Providers (PSPs) often offer access to payment network tokenization as a way to simplify adoption for their customers. While PSPs do, indeed, provide a token vault, which further insulates the vendor from regulatory requirements, storing the tokens with the PSP effectively locks the vendor into that PSP. The backlog of tokens is stored at, and will remain with, the PSP. This hinders the vendor’s ability to move their business to an alternative provider and effectively eliminates the vendor’s ability to utilize multiple PSPs in a payment optimization solution.

    How can you combine payment network tokenization with a payment optimization strategy?

    In order to combine payment network tokenization and payment optimization (in which a vendor uses multiple PSPs to increase their transaction success and optimize costs), a vendor will need to partner with a third-party Token Service Provider (TSP), like Basis Theory. In this scenario, the TSP will provide the token vault, into which the payment network tokens can be deposited, and from which they can be retrieved in order to process payments. In contrast to using a PSP’s token vault, using one from a TSP allows the vendor to choose which payment processor they will present the token to, giving them flexibility and a higher likelihood of successfully processing transactions.

    How do you set up payment network tokenization with a third-party Token Service Provider?

    Vendors who want to reduce ties to a single payment provider will need to partner with a TSP that provides a PCI-DSS Level One-certified token vault, and a development environment that supports rapid innovation and flexible interfaces.

    This is fairly easily tackled by working with a provider like Basis Theory, which makes it simple to store, access, and control sensitive data. This can help reduce the stress and strain of attempting to reach PCI-DSS Level One, and enable a shift away from the restrictions of a single PSP like Stripe, and toward a multi-PSP, cascading-payments-oriented approach.
