The Green Sheet Online Edition
May 12, 2025 • 25:05:01
The ERA of tokenization is now
Payment transactions should not be overly complicated; only a little (albeit, specific) information is needed to process them. Today, the required simplicity of online shopping has changed this significantly, but behind the scenes, complex security systems are working hard to keep your payments safe.
Gone are the days when merely entering a card number and expiration date sufficed to complete a transaction. As cyber threats have grown more sophisticated, so have the layers of security and information required to make payments.
Whether it's the addition of CVVs or the potential sharing of data such as your IP address and social media activity, consumers must be more vigilant than ever about the information they provide.
Hackers can access stolen payment details on the dark web for just $10 without breaking into the database. NordVPN researchers discovered that 1.6 million card details are illegally available for anyone to use (see bit.ly/3GYw716). Ensuring security should be at the forefront of the process for all payment stakeholders. Merchants continue to demand information to develop alternative means to protect cardholders.
Payment processors know fraudsters are unlikely to have access to all the data required to impersonate a genuine customer. Consequently, the more data, the better the fraud prevention. However, this approach also introduces significant risks. With 40 billion records exposed in 2021, sharing vast amounts of personal data digitally creates opportunities for bad actors to intercept and misuse sensitive information (see bit.ly/42Nt70b).
What if there were a way to secure your card information so that even if it were stolen, it would be useless? Enter tokenization: a technology transforming how we think about payment security.
Defining tokenization
Tokenization first appeared on the scene in 2013 as a security standard. However, it quickly grew in popularity, and by 2014, Mastercard had launched its Digital Enablement Service with tokenization, securing billions of transactions that year.
The process of tokenization creates a "token," which is a randomly generated sequence replacing your 16-digit card primary account number (PAN). These tokens can't be decrypted without the payment network that issued them; hence, even if hackers were to access the token database, they'd be unable to use them, saving billions of dollars in the long run.
How tokenization works
When you input your card details into a digital wallet or an online merchant's site, the payment system requests a token from the payment network. This token is stored in place of your actual card number.
For example, if you save your card details with an ecommerce site, the site stores the token rather than your real card data. During a transaction, the token is combined with a one-time cryptogram generated by your device or merchant account to authenticate the payment securely.
Why tokenize?
Tokenization provides multiple advantages for all payment stakeholders:
- Minimized data usage: Aligning with the requirements of the General Data Protection Regulation (GDPR), the process of tokenization helps merchants reduce the volume of detectable information from customers.
- Simplified compliance: Merchants using tokenization reduce their burden of complying with the Payment Card Industry (PCI) Data Security Standard (DSS) and related security standards, saving time and resources.
- Enhanced security: Tokens eliminate the need for merchants to store sensitive card details, reducing the risk of data breaches. Even if a hacker gains access to stored tokens, they're useless without the corresponding payment network.
- Increased fraud prevention: Transactions using tokens are less likely to be fraudulent. Fewer false declines mean a smoother checkout experience for customers.
- Seamless automation: If your physical card is lost or expires, tokenized transactions can continue uninterrupted. The payment network updates the token automatically when your card details change.
How tokenization has evolved
Tokenization systems were initially proprietary and limited in scope. Merchants had to rely on specific payment processors, creating "walled gardens" of tokens that lacked interoperability. This often led to inefficiencies and restricted merchants' ability to optimize their payment systems.
Today, network tokens—issued directly by payment networks like Mastercard—have revolutionized the process. Unlike traditional tokens, network tokens are interoperable across platforms, gateways and merchants. They provide additional benefits, such as lower processing fees and automatic updates when card details change.
Network tokenization's role in payments
Tokens help reduce friction and delays ordinarily associated with the expiry or change of card PANs, lowering charges. Cybersource completed research showing a 26 percent fall in fraud traced to network tokenization. The token automatically updates when the cards remove the additional customer details entry.
This seamless experience benefits merchants, too. Higher authorization rates, typically ranging from 3 percent to 13 percent, can significantly impact revenue in high-volume sectors like ecommerce and digital goods. Network tokens also enable advanced features like Click to Pay and biometric authentication, creating a frictionless payment experience for customers.
Case study: Solidgate
Tokenization doesn't just enhance security; it also simplifies operations for merchants. Storing tokens instead of raw card data reduces PCI DSS compliance challenges and protects customer information in the event of a breach. Additionally, network tokenization's ability to maintain seamless transactions helps merchants retain customers and improve conversion rates.
Solidgate is a great example of what tokenization can do: the company is an ambitious payment processor, laser-focussed on the goal of processing $100 billion USD in transactions in the next five years.
Subscriptions are a major source of Solidgate's revenue, and that comes with challenges. On one hand, subscriptions should mean predictable sources of revenue, but in practice they are complex and difficult to master; hence that is why there is so much emphasis on controlling churn.
Having a repeat payment fail significantly raises the possibility of a customer deciding to discontinue their subscription, so it is vitally important that acceptance rates are as high as possible. Tokenization can be a major part of this; the increase in authorization rates also decreases customer churn, and each customer can be worth hundreds or thousands of dollars per year.
What comes next?
In one way or another, digital payments are being reshaped by tokenization. Innovative technologies such as passkeys, biometric verification and customer white-listing are converging with tokenization, resulting in increasingly secure and convenient payment methods.
Mobile devices are acting as hubs for this convergence, creating unified, user-friendly systems. For merchants and payment providers, investing in tokenization, including network tokenization, is crucial. It's not just about mitigating fraud; it's about leading the way in delivering the secure, seamless payment e
Anne Willem de Vries, co-founder and CEO of Silverflow, combines a strong analytical mindset with a passion for delivering results. After finalizing his degree in applied physics, he joined the Amsterdam office of Bain & Co. He moved on to work in private equity and subsequently gained experience in card payments at Adyen, where he was integral to the cards acquiring team. At Silverflow, he is responsible for product and the overall commercial, financial and operational activities. Silverflow is a new kind of payment processing platform designed for today's payment needs and fit for the future. To learn more, visit: www.silverflow.com/.
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
