Network Tokenization

Network Tokenization Basics

Network tokenization is the process through which card brands substitute a cardholder’s primary account number (PAN) and other card details with a restricted-use (i.e. only by a specific merchant), unique ID known as a network token. The merchant can then use this network token to securely process transactions or store the cardholder’s details on file for future or recurring transactions. Because network tokens are restricted to a single merchant, one PAN can have multiple network tokens—each issued and used by different merchants.

Network tokens are inherently decoupled from their underlying card. This both ensures the security of the cardholder’s PAN and allows the network token to remain functional even when the card’s information changes. As such, customers can make purchases with a network tokenized payment method even if their underlying card is in the process of being replaced or its details were updated.

Network tokens adhere to industry-accepted EMVCo specifications, making them identifiable across the entire transaction lifecycle. This means when a merchant initiates a transaction using a network token, that token can replace the customer’s PAN at every step in the card payment lifecycle. Each key player, including the merchant, acquiring bank, and issuing bank, can all complete the transaction with just the network token.

Benefits of Network Tokenization

Network tokenization benefits merchants, customers, and ultimately, the entire payments ecosystem. The main benefits include: increased data security, decreased fraud risk, fewer declined transactions, and better customer checkout experiences.

Increased Data Security

When merchants, payment service providers (PSPs), and third parties store real card PANs and credentials on file, they become a target for theft and fraud. A breach to a single merchant’s vault could result in compromised payment card details for thousands of customers. By using network tokens, the industry reduces the number of real cards stored in the ecosystem, thus decreasing the risk of fraudulent parties stealing sensitive information at any stage in the transaction lifecycle.

Similarly, network tokens are limited use, meaning only the merchant they're registered to can use them. As such, fraudulent parties can't attempt any transactions with a stolen network token, nor pull any critical data from it.

Network tokens also represent all of a cardholder's card details—not just the PAN. Therefore, when a merchant processes a transaction using a network token, they provide additional context and reduce the risk of fraudulent behavior.

Fewer Declines and Increased Authorization Rates

As mentioned in the Basics section above, network tokens don’t expire when their underlying card changes—they just update. This means customers can still make purchases with tokenized payment methods even if their card was stolen or canceled and is in the process of being replaced. This can be especially beneficial when a merchant saves their customer’s tokenized payment method on file for recurring payments; if that customer’s card changes, their recurring transactions won’t fail. Without network tokenization, customers would have to update their card-on-file immediately to avoid declines

Additionally network tokens are provisioned in partnership with the networks, and are therefore deemed to be more secure and trusted overall. When networks and issuers have a higher level of confidence about the authenticity of the transaction, they're more likely to approve it.

Overall, when merchants process transactions with tokenized payment methods, they can see reductions in decline rates for the following decline reason codes (depending on the card, market, and issuer):

Decline Reason CodeNetwork Tokenization Impact
not_sufficient_funds Issuers may misclassify a small percentage of transactions as insufficient funds due to risk reasons. Network tokens can allow them to be more accurate.
do_not_honor and
refer_to_issuer
Some percentage of these types of declines are really hiding other issues – especially on credit cards. Network Tokenization is a more secure transaction, therefore allowing issuers to accept more transactions confidently.
invalid_transaction Issuers may classify a transaction as invalid for a number of reasons. Network tokenization can eliminate some of the underlying reasons for declining transactions.
invalid_account_no_number,
pick_up_card,
and expired_card
With network tokenization there should be no invalid account numbers.

Better Customer Checkout Experiences

The decrease in declines and lower risk of fraud associated with network token definitely represent benefits to the merchants, but that’s only part of the story. When customers experience lower friction at checkout, consistent recurring transaction approval, and decreases in fraudulent transactions, they’re more likely to have a high opinion of the merchants they purchase from. These satisfied customers then feel confident returning for additional purchases and have a lower churn rate overall.

Lower Operational Costs

Network tokens represent all card details; as such, when you process a transaction using a network token, you send the issuer much more information than you would with a PAN-only transaction. This extra information combined with the overall decreased risk associated with using network tokens can put some transactions into more favorable interchange categories. Depending on your overall transaction volume, this decrease in interchange fees can lead to a decrease in your operational costs overall.

Employing a Network Tokenization Strategy

Network tokenization is a network service, meaning it's a program that offers a direct connection to card brands and their wealth of data. Each of the major card brands (e.g. Visa, Mastercard, Amex, and Discover) offers their own network tokenization programs, meaning you'd typically need to join each brand's program on your own or with the help of your PSP to tokenize all the cards in your vault. This means managing multiple relationships and facing different sets of service fees from each network.

Network Tokenization with Toucan by Pagos

Toucan by Pagos is a network-agnostic tokenization service, independent of your payment service providers. One integration with Toucan allows you to quickly tokenize all the cards in your vault, regardless of network. Pagos manages the relationships and connections with the card brands on your behalf, removing all complexity while still granting you access to this valuable network service.