Dynamically updated network tokens help merchants realize higher authorization rates and simplify fraud management. Payment methods are updated in real-time, ensuring credentials are always up-to-date, even after a physical payment method has been locked due to fraud. Expired cards, invalid account numbers, and CVV/CVC failures are no longer relevant. The improved user experience reduces consumer friction during checkout and payment processes.
More generally referred to as Payment Tokenization, EMVCo defines it as “a surrogate value that replaces a primary account number (PAN) in the payment ecosystem.” Payment tokenization is different from PCI tokenization which only replaces a PAN at one specific point in rather than across the entire payment ecosystem. PCI tokens are only meaningful to the merchant and tokenization provider, while payment tokens are meaningful and interoperable across every player in the ecosystem of a single payment.
Payment tokens are domain specific, limited to a single device, merchant, transaction type, or channel. Payment tokenization has been popularized by device-specific methods such as card chips and mobile pay solutions like Apple Pay and Google Pay. Network tokenization is a type of payment tokenization relying on the card networks to provision merchant-specific tokens.
Different from PCI tokenization, network tokens are interoperable from end-to-end in the payments flow, resulting in the PAN never needing to be revealed or transmitted to any party during a transaction. Network tokens are provisioned by a card network (token service provider) and domain restricted to a single merchant (token requestor). They fall outside of PCI scope since each network token-based transaction must be authenticated using merchant-specific credentials. PCI scope is eliminated and risk of breach is no longer relevant because a token alone is useless without being able to perform merchant-specific authentication per transaction.
Furthermore, providing end-to-end interoperability in the transaction lifecycle ensures there is never an opportunity for loss of PAN data. PCI tokenization, helps reduce merchant PCI scope by replacing PAN with a tokenized value, but PCI tokens can not be accepted for transacting across all entities in the payment flow - banks must receive the original PAN to process a transaction. Detokenization typically happens at the merchant, service provider, or gateway level in order to complete the transaction, and this creates risk for leakage of sensitive data during transmission. Network tokens are interoperable at every level - issuer, merchant, gateway, and acquirer. The PAN is no longer relevant in a network token environment, and risk of leakage of PCI data is eliminated.
Fast-growing merchants will invest a great deal of effort to improve authorization success rates a few basis points. According to a study by Visa (VisaNet, Jan-March 2019), transacting with network tokens provides an average 3.2% authorization lift over using PAN for card-not-present transactions by eliminating declines related to fraud, expired, or lost credentials, and boosting issuer confidence.
Declines resulting from suspended accounts due to fraud are eliminated. In a traditional fraud scenario, a single fraudulent transaction will suspend the cardholder account entirely until a new card has been issued and received by the cardholder. However, network tokens are neither suspended due to fraud nor require update by the cardholder. Fraud resulting from a PAN transaction or another merchant’s fraudulently provisioned token does not affect any other token in the ecosystem. Each network token is domain restricted to an individual merchant, and this enables card networks and issuers to confidently continue supporting transactions for a cardholder whose PAN has been suspended due to fraud.
Dynamically updated network tokens never expire. Built on top of the same technology as the card network Account Updater solutions, network tokens are updated in real-time. As changes are pushed from an issuer, the card network automatically pushes those changes to each merchant-specific network token. Declines due to expired account credentials are eliminated, and cardholders never need to enter new account credentials to maintain card-on-file accounts which are key to eCommerce and subscription based merchants.
As a result of improved security and domain restrictions, issuers have overall greater confidence in network tokens which leads to lower false decline rates. The timing of fraud screening shifts from the time of transaction to the time of tokenization, prior to an authorization being attempted. Performing fraud screening during the token provisioning process reduces the need to screen for fraud during following card-on-file transactions, eliminating much of the risk of false declines.
The cumulative effect of all of the above benefits is a better consumer checkout experience for digital transactions. 32% of cardholders will stop shopping with a merchant after a single decline, and the estimated global revenue loss due to false declines alone is $331 billion (BI Intelligence, 2016 Payments Ecosystem Report).
Eliminating expired card-on-file account credentials results in consumers never needing to log in to update payment methods. Authenticating the merchant rather than the cardholder during a transaction, there is no longer a request for CVV/CVC or other verifications that could be forgotten or inaccurately entered, resulting in false decline. Accounts are verified during token provisioning, eliminating the need for merchants to perform a $1 or $0 authorization that shows up on the cardholder’s statement.
On top of the direct benefits during checkout, network tokens are also the foundation to enable new value-added services such as Secure Remote Commerce (SRC). Bringing together Mastercard, Visa, American Express, and Discover to provide a cross-channel shopping experience, SRC provides a standardized, best in class checkout solution for every merchant processing digital transactions. Supported by another EMVCo standard specification, SRC for digital transactions is intertwined with network tokenization to provide a seamless, standardized checkout experience.
Learn more about how Spreedly helps merchants to optimize their revenue and support tokenization. Or contact Spreedly to talk to a payments expert about your optimization efforts and how we have propelled results for our customers.