What's payment tokenisation?

Published: 30/09/2020

It sounds complicated, but we'll explain in simple terms what payment tokenisation is in this blog.

It's the process of protecting a person's sensitive data by replacing their card details with a series of randomly-generated numbers, which are also known as a token.

The information is then stored and used for repeat payments without businesses having to keep credit card information within their payment systems. This could be in a mobile wallet, like Apple or Google Pay, or one-click checkout system, like you might see on websites such as Amazon.

It’s becoming more and more commonly used particulary as people are now looking for safer ways to pay during the COVID-19 crisis. And Mastercard have reported that nearly 75% of all card globally are ready to be tokenised and it’s designed specifically to prevent online or digital security breaches.

So, how does it work?

First up, what can be tokenised? Well, a name on a debit and credit card, the 16-digit personal account number (also known as PAN), expiration date and security code can all be tokenised.

Let’s take the PAN as an example.

When a customer uses their card to pay, the PAN is automatically replaced with the randomly generated number (token), so the original PAN doesn't actually enter your payment system – only the token. You can then use this token ID to keep records of the customer, rather than their personal details.

When you take a payment from this customer, the token is sent to the payment processor who then de-tokenises the ID to authorise the payment.

The token can only be read by the payment processor, so, if anyone else were to get hold of it, they’d have no way of linking the token back to your customers original details. Clever eh?

The token is also only valid with your business, so it can’t be used to process payments with any other business. This is done to improve safety and security.

How does this benefit your business?

You’ll be able to keep your customers’ data and information safe, protecting you and them against credit card fraud.

Not only that, but it’s a fast, safe and easy way for your customers to be able to pay.

So, when your customer goes to pay through their mobile wallet, such as Apple or Google Pay, or if they pay online, they won’t need to enter their full payment details every time. Making the payment process even easier for returning customers

It’s easy and quick to implement online too, and you could benefit from higher sales conversion on your website, as your customers will be able to pay with one simple click at the checkout.

It’s also fully compliant with PCI DSS compliance.

Where is tokenisation used?

It's designed specifically for online and digital payments.

Card on file payments

Card on file payments is when the card holder lets you (the merchant) store their payment details. They can then authorise you to bill their stored account. It can be used for things like paying for subscription payments and recurring bills.

With tokenisation, you can store your customers’ token to take a payment, rather than their personal details. As we mentioned earlier, this token can only be used by your business, so nobody else will be able to use it for payment.

Mobile wallets

Apple Pay and Google Pay

If you’ve ever used Apple Pay or Google Pay, you’ll have already used tokenisation when paying.

They both let you add your credit cards and debit cards to your phone or another device.

When you add a card to your device, the details are sent to your bank, and they replace them with the token.

That token is sent back to Apple or Google, and added to your phone for you to use with a tap.

Digital Wallets

Masterpass Digital Wallet

Mastercard's Masterpass Digital Wallet uses payment tokenisation to take payments.

It works like Apple Wallet and Google Wallet, so your customers can add their Mastercard card details to their wallet for easy access. 

Visa Checkout

Visa Checkout by Visa uses payment tokenisation to protect card information.

You create a free Visa Checkout account. Here, they’ll be able to enter their details which will be stored in a secure data vault.

Every time your customer uses Visa Checkout, the details will be changed into a token which is used for payment.

By having the details stored in the data vault, it means that your customers won’t need to enter their details every time. All they need to do is login and pay.

Payment gateways

Some online payment gateways use tokenisation to help protect your customers when they pay online.

That means that when your customers go to pay online, the website will tokenise the numbers kept on file, so that their information should be safe, even if it gets hacked. The token also can’t be switched back into the original details and can only be used by the payment processor.

At takepayments, our payment gateways also use 3D secure authentication as additional security for online payments. This means that customers will need to be asked for 3 digits from their security password to authorise payment.

Plus, with a takepayments payment gateway, you can get Masterpass Version 7 (also known as Masterpass 7) which lets you add the Masterpass button on your payment gateway.

Using a one-click payment button, they’ll be able to pay with any credit card or debit card of their choice using their Masterpass Digital Wallet.

If you’re interested in getting set up with a payment gateway, we are here to help. Our solution can be integrated to your website and is compatible with most of the leading shopping carts.

It can be fully customised with your brand to match the rest of your website. With no set-up fees and a short 12-month contract, get started with takepayments today.

Vanessa Littler

Vanessa Littler

Digital Marketing Executive

Get your FREE quote today.

We will use your information in accordance with our Privacy Policy.

Related articles.

Takepayments Barclaycard