Tokenisation is a secure way of paying that involves swapping out a customer’s sensitive financial information with non-sensitive information: a token.
As a payment token example, say a customer is about to purchase something online with their debit or credit card. The tokenisation payment algorithm will replace the card’s Primary Account Number (PAN) with a unique string of numbers called a token (also sometimes known as an ‘identifier’).
The token is then transmitted between the payment gateway and the payment processor, while the real card number is stored in a token vault. Therefore, credit card tokenisation protects the customer’s details at every step.
This tokenisation payment process — which can happen online or at a brick-and-mortar store if you have a digital wallet — takes place automatically and in real-time.
A customer will then pay with the token and not with their card details. The customer’s PAN is not transmitted during the payment process and is not at risk of interception by fraudsters.
This is what makes tokenisation for payments very safe. And because tokens are so difficult to interpret, they are almost impossible for criminals to use, even if there is a data breach.
‘Token Service Providers’ (TSPs) are what generate the tokens. TSPs can be varied. The major credit and debit card associations — such as Mastercard and Visa for example — are TSPs, as they issue their own. And so do digital wallets. Nowadays almost all major alternative payment methods use tokenisation. Apple Pay, Google Pay and Alipay are all also examples of TSPs.
Payment processors, such as ourselves, also provide tokenisation services. These tokens can then be utilised by the merchant to charge the customer for their purchase.
If you have a business model that relies on a steady stream of repeat business from customers, such as a subscription-based or recurring payments model, you will likely benefit from tokenisation.
This is because tokens can safely be stored away, so that the customer can regularly be charged according to the agreed schedule. The customer then doesn’t need to continuously provide their details after they’ve set up the first payment.
E-Wallets such as Apple Pay, Google Pay and PayPal are on the rise in a realm of contactless payments, but the technology behind them goes far beyond NFC chips and Fingerprint ID when it comes to protecting the consumer.
E-Wallets rely on tokenisation in order to create a digital replica of your debit or credit card that is unique to your smartphone or device.
Apps on your phone will utilise the information connected to tokenised accounts (for example, as mentioned above, with Google Pay and Apple Pay) in order to securely fulfil orders without ever needing to request or access your issuing bank’s details.
Tokenisation quickly provides a broad spectrum of apps with safe and convenient access to your mobile wallet, along with all the shipping and billing information and the additional biometric confirmation typically needed to complete a purchase.
With tokenisation in place, a customer’s card can be stored safely on a website as part of a ‘remember me’ system. This is very useful for returning customers; they can set up an account on your website and, rather than manually filling in their card details every time they return, they can benefit from a one-click checkout - a great way to increase loyalty! In addition to this, if your website ever did experience a potential data breach, then the card number information of your customers will not be exposed.
There are many benefits of payment tokenisation to merchants. Here are the key ones:
That being said, tokenisation is not perfect. There are a few downsides that you should be aware of:
Because tokenisation is a robust and secure payment technology, it naturally meets many of the security measures of the Payment Card Industry Data Security Standards (PCI DSS) framework.
But tokenisation does not replace the need to comply with PCI DSS on its own. There are other steps that you’ll need to continually take to stay compliant.
Including:
As the provider of your online payments, we’ll make sure that your tokenisation is PCI DSS compliant — so you won’t have to.
There are plenty of online payment companies out there that can offer tokenisation software as a service (including ourselves).
The biggest names in the business are probably Adyen and Stripe — and they certainly are respectable companies with many happy customers. But if you’re looking for a unified solution with a customer-focused approach, then Total Processing could be the answer.
Our tokenisation service comes alongside a whole host of perks: 24/7 support, guidance throughout the whole integration process and a customisable payments package, including a payment gateway, merchant account, transaction management and more.
Why not get in touch with one of our experts to find out how our tokenisation software and other payment solutions can benefit your business?
Encryption alters the original data into something else, whereas tokenisation removes this sensitive data from the process entirely, swapping it out with a token.
Tokenisation is also more secure. Encryption can be reversed in order to uncover the original data with a decryption key. But because a token itself does not contain any sensitive information, it cannot be deciphered. Instead, the sensitive information is kept separately in a safe token vault that is only accessible to those with permission.
No. Tokenised data cannot be deciphered or reversed, because there is no real relationship between the token and its original number. The PAN is swapped out and replaced with a random alphanumeric ID.
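The vault model described above, as an added example in Python (not code from this page, Total Processing or any TSP): the token is drawn at random rather than derived from the PAN, and only a permitted caller can exchange it back. The `TokenVault` class, the caller names and the card number (a constructed test PAN) are assumptions for illustration.

```python
import secrets


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by card numbers; rejects mistyped PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """In-memory stand-in for a token vault (hypothetical, illustration only)."""

    def __init__(self, authorised_callers):
        self._pan_by_token = {}                  # the only place PANs live
        self._authorised = set(authorised_callers)

    def tokenise(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not (digits.isdigit() and 12 <= len(digits) <= 19 and luhn_valid(digits)):
            raise ValueError("not a valid PAN")
        # Token comes from a CSPRNG, not from the PAN: there is nothing to
        # decrypt, and the same card gets a different token on every call.
        token = secrets.token_hex(8)
        while token in self._pan_by_token:       # retry on the (unlikely) collision
            token = secrets.token_hex(8)
        self._pan_by_token[token] = digits
        return token

    def detokenise(self, token: str, caller: str) -> str:
        # Only callers with permission may exchange a token for the PAN.
        if caller not in self._authorised:
            raise PermissionError(f"{caller} may not detokenise")
        return self._pan_by_token[token]


if __name__ == "__main__":
    vault = TokenVault(authorised_callers={"processor"})
    token = vault.tokenise("4111 1111 1111 1111")   # constructed test PAN
    print("merchant stores:", token)
    print("processor sees: ", vault.detokenise(token, "processor"))
    try:
        vault.detokenise(token, "merchant")
    except PermissionError as exc:
        print("merchant lookup refused:", exc)
```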
Yes and no. The process itself is PCI-compliant. But you will need to take extra precautions in order to remain fully compliant, such as regularly checking the effectiveness of your token validation, and carrying out risk analyses.
To sum up, tokenisation is a great way to protect sensitive payment data — both yours and that of your customers. All of the big banks and many alternative payment methods are embracing tokenisation, and it’s a great way to make your business more attractive when it comes to accepting payments.
But without the right online payments company, you could end up with an inefficient tokenisation process that is not PCI compliant, and that conflicts with existing computer software.
Take care when shopping for a payments provider that offers tokenisation, as each business has its own perks and benefits — and bigger doesn’t always mean better.