Last editedMar 20222 min read
One of many buzzwords business owners should familiarise themselves with as digital payment becomes the rule rather than the exception, tokenization is an important security measure that makes sending and receiving payment safer for everyone.
For so many of us, payment security is an increasingly important consideration and tokenization is a major asset in the protection of customer data from cyberattacks. But how does it work and is it the right fit for your business?
What is payment tokenization?
Tokenization exists to prevent criminals from duplicating sensitive financial information and works similarly to chip and PIN. When sensitive information is sent digitally, tokenization replaces that data with a random number generated by a specific algorithm: a token. The token is then passed through either the internet or a local wireless network with the real data held in a secure token vault.
A history of tokenization
As a general practice, encryption has been used to disguise sensitive data for decades. Tokenization, however, is a cheaper and more secure alternative to encryption, particularly for small businesses. It is also incredibly flexible and allows customers to safely store credit and debit card information in various mobile wallets and other e-commerce solutions without revealing the original information.
How does credit card tokenization work?
When a payment is being made, a token is automatically generated and is then used to process the transaction. The merchant never sees the credit card number. First, the customer scans their card or enters their card details. Next, a token is created in real time and sent to the token server. Once authenticated, a token is sent to the merchant’s system and the payment can be securely processed.
Examples of payment tokenization
There are three ways payment tokenization is used:
to keep a card securely on file
during quick checkouts
via digital wallets
With the digital wallet solutions offered by Apple and Android, users are asked to take a picture of their cards. Your smartphone’s camera is able to pick out the information and replace it with a random number – the token. This is then sent to Apple or Google and programmed into the phone so it can be used time and time again without being extracted and manipulated by criminals.
If you’re buying something directly within an app, the app will be able to access the token in your phone and use it without ever seeing your actual financial information.
When you purchase a product or service online, the online merchant will keep your tokenized number on file so it can be reused quickly and simply with no chance of the data being stolen. If a rogue agent did manage to commit a data breach, all they would see is random numbers they could do nothing with.
The benefits of tokenization
Tokenization might not cut the chances of fraud down to absolute zero but it does reduce it significantly.
You can’t reverse a token unless you have access to the original key used to create it.
While using tokenization won’t automatically mean your business is PCI compliant, it definitely lessens the scope of your PCI DSS compliance operation by reducing the number of systems with access to the payment information.
The user experience is streamlined as information is stored in their mobile wallets, allowing for faster checkout times and secure one-click payments. For merchants that rely on recurring payments, payment tokenisation is an option that just makes sense.
We can help
If you’re interested in finding out more about payment tokenization, or any other aspect of your finances, then get in touch with our financial experts at GoCardless. Find out how GoCardless can help you with ad hoc payments or recurring payments.