Behind the Checkout: What is network tokenization?

Increased payment security has been top of mind for businesses for several years, as news throughout the year of major data breaches continues to make headlines. One way of improving payment security whilst improving customer experience has been through the use of tokens. Traditionally, merchants have been using tokens with payment service providers (PSPs) but are increasingly opting for a provider-agnostic strategy of using network tokenization for better flexibility and portability of data.  

But what exactly is network tokenization, how does it differ from PSP tokens, and what are some of the main questions and concerns merchants might have around network tokenization? Co-founder and Chief Product Officer of Gr4vy, Cristiano Betta, breaks it down.

If you prefer to learn via video or audio, access the full recorded ‘Behind the Checkout’ webinar on network tokenization for even more insight. 

What is network tokenization and how can it be used to enhance security? 

While network tokenization has been around for a few years, it’s still a relatively new technology with increasing adoption. Instead of the traditional route of merchants storing card details, those are replaced with network-specific tokens with enhanced security and portability. 

Many merchants will have used tokenized cards with a payment service provider (PSP), which replaces the card data with a PSP-specific token which is sent on every request, rather than relying on the original card data. Network tokenization extends this idea by giving a merchant a similar, yet PSP-agnostic solution. Merchants can send the card data to a network tokenization service, such as Gr4vy, and that service will determine what scheme to connect with and then issue a network token. It’s similar to the original process but unlike PSP tokens, merchants are not restricted to using that token with any PSP, allowing for more flexibility. 

What are the benefits of network tokenization for merchants?

There are a range of benefits besides portability – the main ones include higher authorization rates, lower costs, and account updater functionality. There are several industry reports, but it works out at about a 40-50 basis point (BPS) uplift in authorization rates just from using network tokens. 

To find out more about how network tokenization can increase authorization rates for merchants and other benefits for merchants, check out the full recording of the ‘Behind the Checkout’ webinar

On the technical side, network tokens have a built-in account updater, taking the burden from the merchant to use an additional account updater service. If, for example, a customer is issued a new card by the bank because their card expired or was misplaced, the network token will automatically start to refer to that new card. This is particularly beneficial to merchants that are doing recurring payments because it increases the longevity for the merchant. No longer will subscription payments bounce each time a customer changes their card details. 

What are some of the considerations for merchants when selecting the right provider for network tokenization?

One of the main things a merchant should be considering is the restrictions they may face as they grow. One of the key benefits of choosing a network token over a PSP token is the portability and the ability to use that token with multiple payment service providers rather than getting locked into one. 

When a merchant generates network tokens, it is extremely important to consider who owns those tokens – are they generated for the merchant? Or are they generated for the payment service provider? For merchants that want more flexibility, an external vault becomes essential. With external vaults, the token that’s generated belongs to the merchant, and therefore a merchant can take those network tokens anywhere. They can use them in the vault provider’s system, or they can use them externally with whichever service they choose. Portability and ownership go hand-in-hand. 

For more information on Cloud Vault and how merchants can ensure maximum data portability across their card data when working with multiple PSPs, check out this article with four actionable insights. 

Finally, merchants should consider the risks of shared tenancy. A lot of vault providers operate on a Software-as-a-Service (SaaS) shared tenancy model which means merchants share the risk with each other should anything go wrong. With an Infrastructure-as-a-Service (IaaS) model, merchant and customer data is completely segregated, so if there are any issues or concerns, and a merchant wants to pull their data out, it’s their data to move as they see fit. 

To access the full webinar with more information and insights on the areas covered above, view the library of on-demand ‘Behind the Checkout’ content here. If you’re interested in learning more about Gr4vy, and how its centralized vault makes it easy to store, pull, update, and distribute all your card data, simplifying compliance while ensuring you are always on top of local data regulations, check out Cloud Vault, and get in touch with a member of the team.