Skip to content

    Types of Payment Tokens: Universal, PSP, and Network

    types of tokens
    Picture of Basis Theory ·
    Payments

    Tokenization is a PCI-compliant way to secure and mask sensitive cardholder data in what is called payment tokens. These payment tokens can take one of three forms, with the means, approach, and benefits of each diverging from one another.

    Let’s dive into the three types of tokens and how merchants can leverage them for secure payment processing.

    Universal, PSP, and Network Tokens: What’s the Difference?

    Generally speaking, network, payment service provider (PSP), and universal tokens mask sensitive payment data such as credit card numbers. 

    Because of this, they improve payment data security while simplifying payment processing for businesses. However, the means by which this happens differs. 

    Universal Tokens

    Universal tokens are tokens that can be used in place of the plaintext payment data for transactions across various channels, payment networks, and processors without exposing the underlying data. In many cases, merchants tokenize the card’s PAN with a unique identifier that cannot be decrypted, making it more secure to store and transmit than plaintext numbers. 

    However, universal tokens aren’t limited to only payments: these tokens can tokenize any sensitive data found in any format, including non-payment information like PII. This flexibility is one of many reasons merchants choose to use universal tokens to tokenize sensitive data. In this way, universal tokens work like universal physical locks, securing many different types of valuables in different types of storage devices.

    These tokens are often provided by third-party tokenization providers, like Basis Theory, on behalf of merchants, and can integrate into a merchant’s systems nearly seamlessly.

    Payment Service Provider (PSP) Tokens

    Like universal payment tokens, PSP tokens replace plaintext payment data to improve transaction security. However, unlike universal tokens, PSP tokens only work with the provider that issued them. Often, all-in-one payment service providers offer such tokens, which can benefit merchants who want simplified tokenization they don’t have to fuss with. 

    The downsides of PSP tokens are often quite pronounced, however. The lack of versatility can stunt a merchant’s growth, as they have fewer options for providers they can partner with - especially if those partners do not play nicely with the PSP’s tokens. Likewise, and most importantly, PSP tokens can create sole reliance (lock-in) to a payment provider. What is initially presented as a convenient vault for securing payment data could quickly become a dire situation if the PSP shuts the merchant down, has an outage, or keeps a merchant’s data captive. 

    Network Tokens

    Alternatively, a network token is distributed by the card networks (Visa, Mastercard, American Express, and Discover) and can only be used through the card networks themselves or their partner merchants.

    Another key difference is that a network token can only be used for payment data. The token acts as the payment credentials, replacing the Primary Account Number (PAN) to facilitate secure transactions, but only for a specific card-merchant pair. In this way, network tokens function more like a physical key that works for certain people and can only open specified lockboxes.

    Choosing the Best Token Types For You: Considerations

    When weighing which payment tokenization solution (or solutions, should you choose more than one) are best for your business, consider what actually matters for your specific payment use cases.

    Consider the following questions:

    How many PSPs are you working with?

    • One PSP - if you only need one PSP now and in the foreseeable future, PSP tokens offer the simplicity and convenience required for most merchants
    • Multiple PSPs - if you need more than one PSP, consider universal tokens or network tokens, which offer flexibility across most PSPs

    What are your security and compliance priorities?

    • Basic security measures - network tokens offer basic security measures through restricted use. This may not work for all merchants, however.
    • Additional security - Universal tokens usually offer the highest level of security and flexibility, making them attractive for most merchants.

    What level of technical expertise does your team have?

    • Minimal expertise or resources - PSP and network tokens are quite easy to set up, and don’t require significant technical expertise or resources to go live
    • More robust technical resources - universal tokens require third-party integration and developer expertise. In many cases, Basis Theory included, the third-party provider will offer high-touch support and thorough documentation to make integration simple

    Does your business operate in a higher risk space, or have a higher risk of being shut down?

    • Yes - universal tokens through a third-party token vault will offer redundancy and give merchants the most control over their payments data. Should a PSP shut you down, you have the ownership to quickly pivot to a new PSP or pre-emptively build in a backup PSP so that you can continue transacting before issues arise
    • No - more simple merchants with basic use cases can often get by with PSP tokens through their PSP but should be aware of the risks of vendor lock-in and the lack of flexibility in their payment flows

    Does your business need a multi-processor or payment orchestration-focused approach?

    • Yes - universal tokens through a third-party tokenization provider open the door for multi-processor routing, backup processors, and other partner/integration needs. All merchants, regardless of size, should strongly consider whether this approach is right for them.
    • No - more simple merchants with basic use cases can often get by with PSP tokens through their PSP but should be aware of the risks of vendor lock-in and the lack of flexibility in their payment flows

     

    Universal Tokens

    PSP Tokens

    Network Tokens

    Issuer

    Third-party tokenization providers

    PSPs

    Payment networks & tokenization providers

    Usage and acceptance

    Most networks, providers, and uses

    The PSP that issued it

    Network-specific

    Flexibility

    High

    Low

    Medium

    Function

    Secure data tokenization (not limited to payments)

    Secure payment tokenization

    Payment credential masking/replacement

    Integration

    Requires a third-party integration and technical resources

    Simple and convenient to set up

    Simple to set up

    Universal Tokens: Flexibility and Security for All Merchants

    While each merchant has different tokenization requirements, it is clear that universal tokens offer the most flexibility, optionality, and security of the three types.

    Basis Theory, a universal payment token solution, significantly reduces PCI scope while offering flexibility and optionality for merchants in numerous industries. Whether a merchant wants to break free from PSP lock-in, wants the option to route payments precisely to their liking, or simply wants the peace of mind of knowing they own their payments data, Basis Theory’s third-party token vault could be the right choice. Speak with our team today if you want to learn more about the ROI and benefits of choosing universal tokens.

    De-Risk Payments. De-Scope Compliance.   Accelerate time-to-compliance and eliminate nearly 90% of the PCI DSS Level 1 requirements using Basis theory.  

    Stay Connected

    Receive the latest updates straight to your inbox