As a small business owner, naturally, the safety of your and your customers’ data is at the top of your list of priorities.
You’ve probably heard the work tokenisation bandied about, in fact it’s become a bit of a buzz word in the world of payments, but what does it really mean?
In this article, we’ll break it down and clue you up on what it is, how it’s used, and the benefits it offers your business.
In it’s purest form, tokenisation is an additional safety measure that adds an extra layer of security to sensitive card data.
How? Tokenisation cleverly substitutes the sensitive data involved in a card payment for an algorithmically generated number, also known as a token.
The aim of tokenisation is to prevent anyone with malicious intentions from duplicating a consumer’s bank information. Tokenisation exists to help prevent fraud.
When you look at your credit or debit card you’ll see the 16-digit personal account number printed across the front, this is called the PAN.
When a customer comes to pay with their card tokenisation leaps into action and replaces this 16-digit PAN number with a series of randomly generated tokens.
This means the PAN number, which is sensitive to fraud, doesn’t get entered into your payment network when you process their payment, only the token does.
Thanks to tokenisation the customer’s bank details are never exposed and are instead stored in what’s called a ‘secure token vault’.
The only person capable of reading this token is the payment processor, rendering it useless to the bad guys - even if they did get their hands on it they’d have no way of linking the token back to the customer’s details.
On top of that, the token created can only be used to process a payment for the specific business in question, further boosting safety.
Before tokenisation came into play encryption was the method of choice for protecting sensitive card data.
Encryption is a similar process of substituting sensitive data during the transaction process, but the key difference is it can then be decrypted on the other end.
Tokens on the other hand cannot be mathematically reversed, meaning the PAN data is never displayed, making tokenisation the safer method.
Tokenisation is specifically designed for online and digital payments, whereas encryption is employed in chip and pin transactions.
If you’ve ever used Apple or Android Pay then you’ve already experienced tokenisation, even if you didn’t realise it.
Mobile wallets like this allow you to add your credit or debit card details into your device for later use. Once inputted these details are sent to your bank who replaces them with, you guessed it, a token.
The token is returned to your provider (Apple or Google, for example) who then add it to your phone ready for you to make payments.
Remember: thanks to tokenisation even if your phone got into the wrong hands your details would be safe.
Tokenisation is used in some payment gateways to protect consumers when shopping online.
So, when a customer is finished browsing and heads to checkout, the website will tokenise the payment details kept on file. That means the customer’s information is safe, even if the website gets hacked.
Good to know: our payment gateways also use 3DS authentication which means your customer will be asked for three digits from their security password when authenticating a payment, adding an additional layer of security.
A digital wallet is an electronic device that stores your payment information, popular examples include the Masterpass digital wallet and Visa Checkout.
They work in much the same way as mobile wallets, whereby consumers can add their card details to their digital wallet for easy access and safer payments.
Despite what their name might suggest you can add cards from a whole host of issuers to your digital wallet - you aren’t restricted to Mastercard for Masterpass or Visa for Visa Checkout, for example.
A card on file payment is when the customer allows the merchant to store their details for future transactions and is typically used for the likes of recurring monthly payments or subscriptions.
With tokenised card on file payments the merchant stores the customer’s token, rather than their sensitive card details, and once more this token can only be used by the specific business in question.
Good to know: we’ve got a dedicated PCI compliance team on hand to help all our customers get compliant.
Here at takepayments we know the importance of safety for small businesses and their customers and that’s why we offer the option of adding Masterpass Version 7 to our payment gateways.
Masterpass 7 allows for safer tokenised payments using whichever card the customer wishes and comes with a whole heap of benefits:
Sold? Reach out to one of our dedicated advisors today to discuss our payment gateways, Masterpass, or both!