Payments Orchestration Tracker® Series Report

Why Network Tokenization Is eCommerce’s Newest Essential

December 2023

Striking the right balance between payment seamlessness and security can mean the difference between success and failure for merchants in today’s digital landscape. Network tokenization has become a prerequisite for achieving this feat with simplicity.

PYMNTS
01

Payment “tokens” — unique digital identifiers used to replace sensitive payment details throughout a transaction chain — cannot be easily reverse-engineered to expose the underlying data, making them less valuable to hackers and other fraudsters.

02

Network tokens, generated automatically by card networks such as Mastercard and Visa, offer added fraud protection and a security advantage over other tokens that can benefit merchants and customers alike.

03

Because a network token conceals the card details at every stage of the transaction, it offers greater protection from fraud than a PCI token. The card network also generates a cryptogram for each transaction, thus adding another layer of security.

Register for Unlimited Access
Fill in the form below for free unlimited access to all our Trackers and Studies.

Thank you for registering. Please confirm your email to view all our Trackers.

    yesSubscribe to our daily newsletter, PYMNTS Today
    By completing this form, I have read and acknowledged the terms and conditions.


    The dramatic shift in consumer spending habits of the past few years continues unabated, with consumers today completing one in five transactions digitally. However, as eCommerce growth outpaces in-store sales, new challenges have arisen alongside it. The rate of fraud has grown in parallel — yet the demand for effortless digital payments is higher than ever. Achieving the right balance between payment seamlessness and security can mean the difference between success and failure for merchants in the new digital landscape.

    Every merchant faces an ongoing struggle to keep stored payment data both secure and up to date. Tokenization is a foundational tool that satisfies the highest security standards without sacrificing the customer experience. Network tokenization represents the latest iteration in the ongoing evolution of this technology. Network tokens, provisioned by the major payment card networks in partnership with issuing banks, enable merchants to protect sensitive card payment information while reducing costs and boosting sales. As digital commerce expands, network tokenization technology is rightfully gaining adoption as a tool for ensuring transactions’ safety and enhancing the customer experience.

    Tokenization: A Beginner’s Guide

    Payment “tokens” — unique digital identifiers used to replace sensitive payment details throughout a transaction chain — cannot be easily reverse-engineered to expose the underlying data, making them less valuable to hackers and other fraudsters.

    Tokenization

    offers an easier, safer customer experience that inspires trust, paving the way to long-term customer loyalty.

    A token is essentially a more secure replacement for a customer’s sensitive payment details.

    Tokenization is not a novel idea, but payments tokenization has matured rapidly in recent years. Tokens are unique digital identifiers used to replace sensitive payment details throughout all parts of the payment chain.

    A merchant’s online payment platform that uses tokenization will substitute a customer’s payment information, such as a bank account or credit card number, with a payment token, which has no value in and of itself. The token, generally consisting of a string of randomly generated alphanumeric characters, then takes the place of the payment data when processing the customer’s payment or sharing that customer’s payment information with any other endpoint in the payments flow. Meanwhile, the customer’s actual card data, referred to as the primary account number (PAN) information, is stored away in a secure database known as a token vault.

    The tokens themselves can safely retrieve PAN data as needed, but because they are much more difficult to reverse-engineer, tokens are useless to hackers and other fraudsters. Thus, through tokenization, merchants can offer secure transactions to their customers without risking fraud or data breaches.

    Tokenization offers advantages over encryption.

    Tokenization is not to be confused with encryption, which offers protection of sensitive information by using a “key” to scramble data. Whereas encryption results in identical output when using the same key, tokenization produces a unique token for each instance of PAN data entry, even if that data is identical. This gives the edge to tokenization over encryption by reducing the risk of hackers recognizing data patterns.

    In addition, tokenization can maintain the original data format, such as a 16-digit numeric configuration to replace a credit card number. This allows for easy substitution of the token into existing payment systems, whereas encrypted data formats may vary widely, often requiring system modifications for their use. Because of these features, tokenization is frequently the better choice.

    Tokenizing can smooth the checkout process for merchants.

    Tokenization can enable eCommerce merchants to offer secure automated checkout, relieving customers of the inconvenience of having to enter their payment details each time they transact. The benefits to merchants are mutual: Tokenization offers an easier, safer customer experience that inspires trust, paving the way to long-term customer loyalty. Better data security also means better and easier compliance with data protection regulations.

    Tokenization is the standard in data protection for payments.

    The Payment Card Industry Data Security Standard (PCI DSS), a set of rules governing companies’ handling of credit card data, is aimed at reducing the risks of a data breach. PCI DSS compliance is a requirement for merchants that operate with most major payment card companies, such as Mastercard or Visa, with heavy fines and reputational consequences for failure to comply. With a projected volume of 1 trillion transactions by 2026, tokenization has become a trusted payment security option that meets these standards in a cost-effective way.

    Putting the ‘Network’ in Tokenization

    Network tokens, generated automatically by card networks such as Mastercard and Visa, offer added fraud protection and a security advantage over other tokens that can benefit merchants and customers alike.

    2.1%

    Average improvement in authorization rates with the use of network tokens
    26%

    Average reduction in fraud with the use of network tokens

    What is network tokenization?

    There are many ways to tokenize a payment card. PCI tokens, so named because they fulfill PCI compliance requirements, are tokens provided to merchants by their vault providers. These may be their payment service providers (PSPs), or agnostic providers, such as Spreedly. Network tokens, on the other hand, are generated automatically by the card networks themselves, such as Mastercard, Visa, American Express and Discover, as customers use their cards. Newer mobile wallets, such as Paze, are also beginning to leverage network tokenization technology for securing their customers’ transactions.

    The process for network tokenization starts with the merchant selecting a PSP that supports network tokens and being approved by the networks as an authorized token requester. When the customer enters their card details — such as PAN, card verification value (CVV) and expiration date — on the merchant site, the merchant makes a request to its PSP to convert the raw card data to a network token. The resulting network token is used in the payments flow instead of the PAN data.

    How are network tokens different?

    Network tokens increase cohesion between all parties in the payments chain. They are merchant-specific and may be used across PSPs. This increased fidelity between merchants, PSPs/acquirers, card networks and issuing banks benefits all parties. This key difference in their interoperability gives network tokens a security edge that benefits merchants and customers alike.

    The Network Tokenization Advantage

    Because a network token conceals the card details at every stage of the transaction, it offers greater protection from fraud than a PCI token. The card network also generates a cryptogram for each transaction, thus adding another layer of security.

    Network tokenization explainer

    Source: Sjogren, A. Network Tokenization Explained. Spreedly. 2023. https://www.spreedly.com/blog/network-tokenization-explained. Accessed November 2023.

    Network tokenization offers unique advantages.

    Network tokens offer specific advantages from which every business can benefit. These include the following:

    1. Greater security

    As noted above, PCI or proprietary tokens protect sensitive information when it is being stored with the merchant once a transaction is complete, reducing the risk and consequences of a data breach. However, PCI tokens are not interoperable throughout the payment processing chain. Because a network token conceals the card at every stage of the transaction, it offers significantly greater fraud protection than an ordinary PCI token.

    Unlike PCI tokens, network tokens maintain their tokenized format as they are passed to all participants in a transaction, including PSPs, card networks and issuers. The card network also generates a cryptogram for each transaction, thus adding another layer of security. With card fraud loss projections topping $165 billion in the next 10 years, companies need additional security measures to reduce fraudulent activity more than ever.

    2. Reduced costs

    Network tokenization also eases companies’ PCI compliance efforts by minimizing the amount of payment data that is subject to PCI-DSS requirements. By tapping into network tokens to secure customers’ transactions, businesses can streamline their payment security procedures and spend less time and fewer resources on compliance.

    Because of network tokens’ extra security, there is also a more obvious cost incentive to use them: Card networks are experimenting with incentivizing network token use or disincentivizing non-network token use for merchants. As eCommerce grows, such transactional fees will only become a bigger pain point directly affecting merchants’ bottom lines, so adopting network tokenization is becoming all the more necessary.

    3. Higher authorization rates

    Network tokenization also benefits merchants by updating cardholder credentials in real time, leading to higher authorization rates and minimizing the risk of involuntary churn. False declines result in more than $331 billion lost each year — a number that can only grow as more consumers shop online. Because network tokens update proactively, expired card and other out-of-date information that might cause a transaction to be declined is no longer an issue. Companies will go to great lengths to improve their authorization rates by even a few points, but Visa data shows that network tokens can boost authorizations by an average of 2.1%, translating to an increase of up to tens of millions of dollars.

    Nowhere is this more critical than in subscription-based businesses, which rely on card information being current to avoid disruption in income streams. Network tokenization is ideal for these businesses, as it embeds card-updating capability, substantially reducing losses in recurring transactions. For example, if outdated card information causes the failure of even 1% of payments, a $10 monthly streaming service with one million subscribers could lose $100,000 per month.

    4. Better customer experience

    These reductions in merchant losses map to real customer benefits. Studies show that nearly 35% of cardholders will stop shopping with a merchant even after a single card decline. Network tokens are evergreen until an account is closed, which means that customers no longer need to experience false declines or log in to update their payment methods. This results in a more convenient and secure user experience.

    Why Network Tokenization Is Now Essential to eCommerce

    Network tokens are playing an increasing role in the global payments ecosystem, and as such, merchants must have the tools in place to support them. PYMNTS Intelligence offers the following for consideration:

    • Network tokens offer greater protection from fraud than PCI tokens by concealing payment details at every stage of a transaction and through a single-use cryptogram to bolster security.
    • With Visa and other card networks charging higher fees for non-token transactions, network tokenization is a powerful tool for optimizing payments.
    • Network tokens can boost authorizations by an average of 2.1%, translating to an increase of up to tens of millions of dollars.
    • Network tokens’ dynamic updating of card-on-file information means that merchants can blunt the impact of the 35% of customers who will leave a merchant after a failed payment.

    Network tokenization is becoming an essential feature of eCommerce. Payments orchestrators and other specialists can offer expert advice on how merchants can make the most of their payments by leveraging this technology.

    About

    Spreedly’s Payments Orchestration platform enables and optimizes digital transactions with the world’s most complete payment services marketplace. Global enterprises and hyper-growth companies grow their digital business faster by relying on our payments platform. Hundreds of customers worldwide secure card data in our PCI-compliant vault and use tokenized card data to enable and optimize over $45 billion of annual transaction volumes with any payment service.
    www.spreedly.com

    PYMNTS INTELLIGENCE

    PYMNTS Intelligence is a leading global data and analytics platform that uses proprietary data and methods to provide actionable insights on what’s now and what’s next in payments, commerce and the digital economy. Its team of data scientists include leading economists, econometricians, survey experts, financial analysts and marketing scientists with deep experience in the application of data to the issues that define the future of the digital transformation of the global economy. This multilingual team has conducted original data collection and analysis in more than three dozen global markets for some of the world’s leading publicly traded and privately held firms.

    The PYMNTS Intelligence team that produced this Tracker:
    Managing Director: Aitor Ortiz
    Senior Writer: Alexandra Redmond


    We are interested in your feedback on this report. If you have questions or comments, or if you would like to subscribe to this report, please email us at feedback@pymnts.com.

    Disclaimer

    The Payments Orchestration Tracker® Series may be updated periodically. While reasonable efforts are made to keep the content accurate and up to date, PYMNTS MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, REGARDING THE CORRECTNESS, ACCURACY, COMPLETENESS, ADEQUACY, OR RELIABILITY OF OR THE USE OF OR RESULTS THAT MAY BE GENERATED FROM THE USE OF THE INFORMATION OR THAT THE CONTENT WILL SATISFY YOUR REQUIREMENTS OR EXPECTATIONS. THE CONTENT IS PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. YOU EXPRESSLY AGREE THAT YOUR USE OF THE CONTENT IS AT YOUR SOLE RISK. PYMNTS SHALL HAVE NO LIABILITY FOR ANY INTERRUPTIONS IN THE CONTENT THAT IS PROVIDED AND DISCLAIMS ALL WARRANTIES WITH REGARD TO THE CONTENT, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT AND TITLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES, AND, IN SUCH CASES, THE STATED EXCLUSIONS DO NOT APPLY. PYMNTS RESERVES THE RIGHT AND SHOULD NOT BE LIABLE SHOULD IT EXERCISE ITS RIGHT TO MODIFY, INTERRUPT, OR DISCONTINUE THE AVAILABILITY OF THE CONTENT OR ANY COMPONENT OF IT WITH OR WITHOUT NOTICE.
    PYMNTS SHALL NOT BE LIABLE FOR ANY DAMAGES WHATSOEVER, AND, IN PARTICULAR, SHALL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, OR DAMAGES FOR LOST PROFITS, LOSS OF REVENUE, OR LOSS OF USE, ARISING OUT OF OR RELATED TO THE CONTENT, WHETHER SUCH DAMAGES ARISE IN CONTRACT, NEGLIGENCE, TORT, UNDER STATUTE, IN EQUITY, AT LAW, OR OTHERWISE, EVEN IF PYMNTS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    SOME JURISDICTIONS DO NOT ALLOW FOR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, AND IN SUCH CASES SOME OF THE ABOVE LIMITATIONS DO NOT APPLY. THE ABOVE DISCLAIMERS AND LIMITATIONS ARE PROVIDED BY PYMNTS AND ITS PARENTS, AFFILIATED AND RELATED COMPANIES, CONTRACTORS, AND SPONSORS, AND EACH OF ITS RESPECTIVE DIRECTORS, OFFICERS, MEMBERS, EMPLOYEES, AGENTS, CONTENT COMPONENT PROVIDERS, LICENSORS, AND ADVISERS.
    Components of the content original to and the compilation produced by PYMNTS is the property of PYMNTS and cannot be reproduced without its prior written permission.
    The Payments Orchestration Tracker® Series is a registered trademark of What’s Next Media & Analytics, LLC (“PYMNTS”).