What's payment tokenisation?

Published: 30/09/2020

As a small business owner, naturally, the safety of your and your customers’ data is at the top of your list of priorities.

You’ve probably heard the work tokenisation bandied about, in fact it’s become a bit of a buzz word in the world of payments, but what does it really mean?

In this article, we’ll break it down and clue you up on what it is, how it’s used, and the benefits it offers your business.

What is tokenisation

In it’s purest form, tokenisation is an additional safety measure that adds an extra layer of security to sensitive card data.

How? Tokenisation cleverly substitutes the sensitive data involved in a card payment for an algorithmically generated number, also known as a token.

The aim of tokenisation is to prevent anyone with malicious intentions from duplicating a consumer’s bank information. Tokenisation exists to help prevent fraud.

How does it work?

When you look at your credit or debit card you’ll see the 16-digit personal account number printed across the front, this is called the PAN.

When a customer comes to pay with their card tokenisation leaps into action and replaces this 16-digit PAN number with a series of randomly generated tokens.

This means the PAN number, which is sensitive to fraud, doesn’t get entered into your payment network when you process their payment, only the token does.

Thanks to tokenisation the customer’s bank details are never exposed and are instead stored in what’s called a ‘secure token vault’.

The only person capable of reading this token is the payment processor, rendering it useless to the bad guys - even if they did get their hands on it they’d have no way of linking the token back to the customer’s details.

On top of that, the token created can only be used to process a payment for the specific business in question, further boosting safety. 

Tokenisation vs. encryption

Before tokenisation came into play encryption was the method of choice for protecting sensitive card data.

Encryption is a similar process of substituting sensitive data during the transaction process, but the key difference is it can then be decrypted on the other end. 

Tokens on the other hand cannot be mathematically reversed, meaning the PAN data is never displayed, making tokenisation the safer method.

Tokenisation is specifically designed for online and digital payments, whereas encryption is employed in chip and pin transactions.

Tokenisation in action

Mobile wallets

If you’ve ever used Apple or Android Pay then you’ve already experienced tokenisation, even if you didn’t realise it.

Mobile wallets like this allow you to add your credit or debit card details into your device for later use. Once inputted these details are sent to your bank who replaces them with, you guessed it, a token.

The token is returned to your provider (Apple or Google, for example) who then add it to your phone ready for you to make payments.

Remember: thanks to tokenisation even if your phone got into the wrong hands your details would be safe.

Payment gateways

Tokenisation is used in some payment gateways to protect consumers when shopping online.

So, when a customer is finished browsing and heads to checkout, the website will tokenise the payment details kept on file. That means the customer’s information is safe, even if the website gets hacked.

Good to know: our payment gateways also use 3DS authentication which means your customer will be asked for three digits from their security password when authenticating a payment, adding an additional layer of security. 

Digital wallets

A digital wallet is an electronic device that stores your payment information, popular examples include the Masterpass digital wallet and Visa Checkout.

They work in much the same way as mobile wallets, whereby consumers can add their card details to their digital wallet for easy access and safer payments.

Despite what their name might suggest you can add cards from a whole host of issuers to your digital wallet - you aren’t restricted to Mastercard for Masterpass or Visa for Visa Checkout, for example.

Card on file

A card on file payment is when the customer allows the merchant to store their details for future transactions and is typically used for the likes of recurring monthly payments or subscriptions.

With tokenised card on file payments the merchant stores the customer’s token, rather than their sensitive card details, and once more this token can only be used by the specific business in question.

The benefits of tokenisation

  1. Perhaps the most obvious benefit of tokenisation for business owners is it allows you to keep your customer’s information safe therefore protecting both you and them from card fraud.
  2. Tokenisation allows for fast, simple, and super convenient payments, and that’s what consumers demand in 2020. Using the likes of mobile and digital wallets there’s no need to manually type in card details to make a purchase so repeat transactions are a doddle.
  3. If you, as a business owner, allow for tokenised payments on your website you could benefit from increased sales as the checkout process is a piece of cake.
  4. Tokenisation is simple and straightforward to implement on your website via your payment gateway (so long as your provider allows for it).
  5. And last but not least tokenisation is fully compliant with the PCI DSS standards, in fact, it may even make your own compliance simpler and cheaper, as employing tokenisation means you won’t be storing as much sensitive customer data. 

Good to know: we’ve got a dedicated PCI compliance team on hand to help all our customers get compliant.

How to get started

Here at takepayments we know the importance of safety for small businesses and their customers and that’s why we offer the option of adding Masterpass Version 7 to our payment gateways.

Masterpass 7 allows for safer tokenised payments using whichever card the customer wishes and comes with a whole heap of benefits:

  • Offer more choice to your customers when it comes to paying
  • Give consumers the convenience they demand
  • Take quick, easy, and secure payments
  • It’s super simple to set up
  • You could boost your sales
  • There’s no additional cost for Masterpass payments (unlike some digital wallets…)
  • Futureproof your business - the latest version of Masterpass is compatible with the forthcoming Secure Remote Commerce global standard for mobile and e-commerce payments.

Sold? Reach out to one of our dedicated advisors today to discuss our payment gateways, Masterpass, or both!

Vanessa Littler

Vanessa Littler

Digital Marketing Executive

Get your FREE quote today.

We will use your information in accordance with our Privacy Policy.

Related articles.

Takepayments Barclaycard