Network Tokenization: Everything You Need to Know

Network tokenization replaces payment card data with a network-issued token and unique transaction cryptograms.

It reduces the potential for fraud, improves the merchant and consumer experience, increases approval rates, and reduces overall transaction costs.

Historically, most merchants directly handle sensitive payment card information and adhere to the PCI security standards.?

This makes them responsible for securely handling, storing, and protecting that data – which can be especially laborious for e-commerce merchants.

Additionally, to authorize a card transaction for payment requires multiple hand-offs of the card number, expiration date, and CVV, between various parties involved in the payment transaction.?

This creates multiple points of failure that could expose this sensitive data.

Network tokenization is a new way to process card payments that helps to keep sensitive customer card data more secure while increasing authorization rates and reducing costs for both card-present and, more recently, for card-not-present transactions.

Without network tokenization, problems arise with credit card transactions when a merchant wants to charge a card:

The merchant sends an authorization request to a payment processor with all the credit card details. The payment processor passes the card details to the card network, which forwards them to the card issuing bank for approval. The approval message is sent back to the merchant.

Throughout this process, the card number, expiration date, and CVV are passed from one party to another.

This presents many potential points of failure where this sensitive card data could be exposed.

Several years ago, point-to-point encryption was implemented for most point of sales transactions. This change, along with the more recent EMV standard for chip and NFC payments that’s been widely adopted at the point of sale, greatly reduces fraudulent transaction activity.

As expected, in response to the new card-present security capabilities added by E2EE and EMV standards, fraudsters have shifted their focus to ecommerce.

When a fraudulent transaction occurs the cardholder initiates a chargeback, and the issuing bank kicks off the chargeback process. Now with EMV and NFC for point of sales transactions, the issuer bears more risk and responsibility for those losses.

Unfortunately for merchants, with most card-not-present transactions, the merchant ends up bearing the cost of the fraudulent transaction. If the merchant fights the chargeback, then it will go back to the issuer. This process continues until someone pays for the chargeback.

Network tokenization aims to solve this problem by removing the card number from most of the steps in the card transaction data flow and also providing a cryptogram for each individual transaction. This has greatly reduced card-present fraud.

PCI tokenization was introduced by the PCI Security Standards Council as a way to reduce the exposure of card information for merchants. The card number is replaced with a token at a specific endpoint instead of across the entire payment ecosystem.

The merchant registers the card number with the payment services vault and the payment service returns a token. The merchant can safely store this token and remain PCI DSS compliant.

The payment service is responsible for securely storing the card details in a compliant way.

Network tokenization is a transformative technology that replaces card details with a network-issued token instead of a payment processor-issued token.

With network tokenization, the network (Visa, Mastercard, or American Express) also generates a cryptogram for each card authorization, adding a second layer of security.

One of the major advantages of shifting the token generation down to the network is that now more of the downstream services are insulated from dealing with the actual card information – instead, they just manage tokens.

This is how tokens are provisioned:

1. A customer enters their card details: payment account number (PAN), CVV, and expiry date
2. The merchant (token requestor) sends the card information to the token gateway service to request a network token from the card network
3. The card network shares the token request with the card issuer (often the consumer’s bank)
4. The card network shares the token with the token gateway
5. The token gateway shares the token with the merchant or token requestor to store it for future transactions

Once a token is provisioned for a card, transactions are carried out using the network token representation of the card rather than the card details.

Using network tokens offers these benefits:

1. Keeps cardholder information safe
2. Keeps cardholder information accurate
3. Cost savings
4. Improved user experience

To read more about network tokenization and to learn how network tokenization works with Skyflow, check out our blog post .