What is Tokenization?
It is a service that allows card sensitive information to be converted into non-sensitive/encrypted data format such as a token, reducing the risk of data breaches and cyberattacks on merchants/acquirers that process online transactions.
How does it work?
The cardholder registers the card information once on the e-commerce/gateway, later it is sent to the brands (typically Visa, Mastercard) to be converted into a token. As a result, the entire payment process is completed with the token, in such a way that none of the parties (gateway/merchant/acquirer) stores the card number/sensitive information on their systems. This is known as data devaluation to prevent computer attacks, since tokens can only be used on the same device/merchant/account holder.
This service implementation has become increasingly popular due to its use in applications, such as: ApplePay, GPay, Netflix, Spotify, Amazon, and PayPal, among others.
Merchant Benefits:
- Safer transactions.
- Lower costs for acquirers since card brands charge extra for sending the card information without tokenizing it.
- Improvements in the user experience. The cardholder registers its card only once and does not require updating it in case of a change, since the bank sends the updates, and it is applied automatically.
- Increase in approval rate since the cards are updated without the intervention of the cardholder.
Usage examples
- One-Click Payment: The user associates the card only once to his account and does not have to do it again. (e.g., Amazon)
- Recurring payments: Netflix, Amazon Prime
- Wallets: PayPal
- OEM Pays: Gpay, ApplePay, Garmin Pay, Fitbit Pay.
How does it relate to Evertec’s online payment solutions?
This is complemented by Evertec’s payment services through the Placetopay platform, as well as EMV 3DS Server and EMV 3DS ACS security services. Together these create a safe environment protecting merchants, acquirers and users from either a data breach or potential fraud risk.
Tokenization comes to complement existing digital, card-not-present payment solutions in the market, adding greater security for fraud control and improving user authentication. In addition, it reduces the risk of data breach by not using the card sensitive information to process the payment. It also improves the user experience, since the cardholder does not have to manually update his/her data in each place the card is registered if the information on the card changes, this is done automatically by the brands.
Ricardo Pinillos – Product and Innovation Manager