
IBS Intelligence: Not all tokens are created equal


As cyber criminals become more sophisticated and payment providers race to keep up, many are turning to tokenisation to strengthen security. While the pressure to move quickly can weigh heavily on the shoulders of businesses, it’s important to make sure the right technology is being integrated – as not all tokens are created equal.

Using a system of encryption and secure storage, tokens replace the Primary Account Number (PAN) with a randomised string of characters, shielding the valuable card information, which is protected within a secured vault. The merchant keeps hold of the token information for future processing, but as it holds no inherent value, there is little risk if this data is hacked or stolen, because the data cannot be decrypted. The added advantage of storing tokens instead of card data is that it reduces merchants’ PCI compliance burden – delivering a significant benefit to merchants.

While tokenisation is a valuable solution, there are several different types of token, some of which have more restrictions or advantages than others. For instance, gateway tokens, which are produced by the payment gateway that the transaction is being processed through, essentially operate in a walled garden, where the tokens can only be used within the ‘closed loop’ of that particular gateway or PSP. This creates a system of dependency between the merchant and their provider of the token service and prevents the tokens from being used with other gateways or acquirers.

In order to meet growing consumer demand for better payment experiences while still controlling costs, merchants must ensure that agility is at the core of their operations and they can flex their payments infrastructure in line with business and market needs. It’s for this reason that many enterprise merchants are moving to a multi-acquirer strategy and need to take a more holistic approach to fraud prevention and data security.

This is where the cracks in some token models start to show. To transition to or add a new payment provider, a complex, expensive integration or migration process is required. In a time of rapid technological innovation in payments, merchants need to maintain their ability to move swiftly, and being limited by closed loop tokens could be truly detrimental.

Network tokenisation, however, presents a solution to this challenge.

The interoperable alternative

Instead of generating a token that only holds value within a specific relationship or payment route, network tokens are issued by the card scheme, rather than the acquirer or payment service provider, which means they can be used across the payments landscape with compatible services. One significant advantage to this is that merchants can choose a multi-acquirer strategy with much greater ease and simplicity, allowing them to benefit from cost optimisation and payment acceptance uplift opportunities, as well as to link into new providers for new markets.

Not only are network tokens interoperable, but they also bring about higher authorisation rates, as card details are automatically updated by the card scheme, with Adyen finding a 3% average improvement once implemented. Network tokenisation also supports cheaper transactions, because the schemes offer lower interchange fees for merchants using network tokens.

There are, however, still elements of dependency within the network token model. An example of this is payment processors. Despite the flexibility of network tokens, merchants still fundamentally rely on a processor to ensure a transaction can be completed – creating a single point of failure outside the merchant’s control.

Payment orchestration, however, can provide merchants with access to multiple backup processors, allowing for a fallback should their primary choice become unavailable, solving this potential issue.

Not only does orchestration allow for a secure failsafe should processors experience outages, it also allows for a seamless transition between different platforms. Due to the flexibility of a network token, if a merchant wishes to transition between their arrangements, they can do so with ease.

It’s also worth noting that direct enablement of network tokens among PSPs and acquirers is mixed at the moment, so using tokenisation via an orchestration solution ensures that network tokens can be used wherever there’s opportunity to do so.

Taking a 360° approach to fraud prevention

Fighting fraud does not have a ‘single shot’ solution – it takes a defence force of different approaches; and merchants must take a 360° approach to defending against criminals. With the growing sophistication of fraud attacks, merchants need payment technologies to knit together into a defensive grid, protected from all angles.

This includes taking a holistic approach to fraud prevention, going beyond tokenisation and data security to protect the transaction, authentication, and authorisation process in flow, as well as data that’s stored on file.

Since network tokens are interoperable, they give merchants the ability to utilise the latest and greatest in fraud prevention tools without being impeded by a costly and complicated transition period.

Utilising payment orchestration, merchants are able to quickly onboard new solutions to fight against emerging fraud strategies, adapting to new threats with ease.

Publication: IBS Intelligence
Spokesperson: Tom Voaden