Payment tokenization is a method of securing sensitive payment information by supplanting it with an algorithmically produced number called a token. Tokenization can reduce credit card fraud for a merchant. In credit card tokenization, the cardholder's Primary Account Number (PAN) turns into a string of random numbers called a token.
These tokens can then be transferred through the web to servers processing the payment without real card details being uncovered. The actual card number is held safe in a protected token vault.
Much the same as the move to chip cards, the goal of payment tokenization is to deter fraudsters from gaining access to sensitive cardholder data. Chip cards ensure against fraud that happens when somebody pays at a physical store. Payment tokenization is principally intended to do the same on the Internet.
One of the most far-reaching uses of payment tokenization today is in the e-commerce payments processing world. Tokenization enables merchants to store their customers' card data in portable wallets and e-commerce platforms. This enables the card to be charged without revealing the original sensitive card data.
Read more about tokenization in a data security context on Wikipedia.
How is Payment Tokenization Used?
Merchants use tokenization in 3 different ways:
- Companies can use payment tokenization to keep your card on file for memberships or rebilling.
- E-commerce stores can offer returning customers a "single-click" checkout.
- The latest use is for locking tokens in NFC wallets such as Apple Pay and Android Pay.
Tokenization in E-Commerce
Tokenization additionally ensures your web based shopping experience. You purchase a product on an online store, for instance. On the off chance that the online store has tokenized the card numbers that it keeps on record, your data is protected even if the store's database gets hacked.
The online store would never see or store your card data, so in the event that somebody hacks into the system (like in the Home Depot or Target breaches for instance), all the criminal can see is the randomly created tokens.
What's more, gateways create a different token for each online store — so you'll have a different code at all the spots you've shopped. So if an online has a security breach, all tokens associated with that site can be made useless, and you won't need to replace your card.
IntegralPay's PCI compliant payment gateway offers payment tokenization with the Customer Vault, a protected token database where a merchant can store sensitive data, both for credit cards and bank accounts. The information can then be referenced by a "token" we call a Customer Vault ID. You can then store the Vault ID on your server or a personal computer. You can do this without the risk of uncovering sensitive data.