Payment tokenization is the process of replacing the primary account number (PAN) found on payment cards–credit, debit, ATM or prepaid–with a surrogate value called a token. Tokenization has evolved to become one of the most secure methods for protecting card data during transactions at the point of sale, in mobile apps and online.
Tokenization works by randomly assigning a unique, secure value (token) to represent each of the real PANs on payment cards. This makes it more difficult for hackers to access the sensitive data.
Once PANs are replaced with tokens, they can be safely stored and exchanged within and among businesses as part of normal business operations such as recurring billing, inventory management and point of sale (POS) transactions. PANs can be restored (or “re-personalized”) with the original value as needed to support payment processing and other account-level functions such as fraud detection and reporting — all without exposing the real PAN to potential cybercriminals.
Tokenization benefits both merchants and consumers. For merchants, tokenization helps reduce the scope and impact of a data breach by reducing the amount of cardholder data that needs to be protected. This, in turn, can help reduce PCI compliance costs. Tokenization also makes it possible for merchants to store payment card data in formats that are not subject to PCI DSS requirements. For consumers, tokenization provides an added layer of security for making payments and other transactions.
Tokenization is a key component of the evolving payments landscape, and its adoption is growing rapidly. More than 60 percent of the top 100 U.S. merchants are already using tokenization, and this number is expected to grow in coming years.1
What is tokenization?
Tokenization is the process of replacing the primary account number (PAN) found on payment cards- credit, debit, ATM or prepaid- with a surrogate value called a token. Tokenization has evolved to become one of the most secure methods for protecting card data during transactions at the point of sale, in mobile apps and online.
Tokenization works by randomly assigning a unique, secure value (token) to represent each of the real PANs on payment cards. This makes it more difficult for hackers to access the sensitive data.
Once PANs are replaced with tokens, they can be safely stored and exchanged within and among businesses as part of normal business operations such as recurring billing, inventory management and point of sale (POS) transactions. PANs can be restored (or “re-personalized”) with the original value as needed to support payment processing and other account-level functions such as fraud detection and reporting – all without exposing the real PAN to potential cybercriminals.
Tokenization benefits both merchants and consumers. For merchants, tokenization helps reduce the scope and impact of a data breach by reducing the amount of cardholder data that needs to be protected. This, in turn, can help reduce PCI compliance costs. Tokenization also makes it possible for merchants to store payment card data in formats that are not subject to PCI DSS requirements. For consumers, tokenization provides an added layer of security for making payments and other transactions.
Tokenization is a key component of the evolving payments landscape, and its adoption is growing rapidly. More than 60 percent of the top 100 U.S. merchants are already using tokenization, and this number is expected to grow in coming years.
What about tokenization being used by multi-app marketplaces? Is it not the same as Apple Pay or Android Pay?
Tokens are not stored on a device, but rather in a secure vault. Tokens within the secure vault cannot be used outside of that specific app or service. Users can authorize their bank to provide tokenized transactions for that app without exposing any more information than they would to an in-app purchase with a conventional checkout method such as Apple Pay or Android Pay.
Tokenization is a process of replacing the primary account number (PAN) found on payment cards- credit, debit, ATM or prepaid- with a surrogate value called a token. Tokenization has evolved to become one of the most secure methods for protecting card data during transactions at the point of sale, in mobile apps and online.