Network tokens
What is network tokenization?
Network Tokenization is a service introduced by card networks such as Visa, Mastercard, and American Express. It is a payment method in which the card number (PAN) is replaced with a secure token of the network and used in payments with higher security levels than traditional PAN.
Benefits
Network tokens are known to have higher security and authorization rates, reduced fraud, and improved customer experience.
Increased Security
Network tokens reduce the risk of data breach exposure since the real card PAN is not stored. In addition, each payment is secured by a unique cryptogram also generated by the networks. You can see more details regarding the cryptogram in the relevant section of this guide.
Increased Authorization Rate
Network tokens are proven to have higher authorization rates than tokens issued by payment service providers or token providers, as they are issued by the networks, eliminating potential declines by them. With Network tokenization, there is a reduced scope of SCA requirements. Fewer challenges or step-up authentications cut payment friction and improve authorization rates and payment success.
Reduced Cost
The cost of interchange fees charged by the networks for merchants is lower for the network tokens, as the networks encourage the usage of network tokens, given their benefits for the payment ecosystem. The costs are reduced for the card-not-present network token transactions by an average of ten basis points.
Increased User Experience
Network tokens ensure a frictionless payment experience with automatic renewal and real-time card life cycle management features. Network tokens are updated by the card network when there is a change on the card, such as when a card is renewed after its expiration, reissued due to being lost or stolen, or any other case that makes the card change. This feature ensures that the card that is held on file in the merchant does not need to be updated manually by the cardholder on each merchant’s site but can be updated automatically by the merchant, ensuring a frictionless customer experience.
Merchants can use the card art and thorough issuer/card information to design a better user experience and interface in their checkout. With network tokenization, it is possible to request the graphical details of a payment card, as well as BIN data such as card brand, type, issuer name, or country.
The service allows merchants to tokenize cards entered by consumers during checkout or existing card held on file. That means, you can start using network tokens anytime, and benefit for including the existing customer base.
How to Use Network Tokens?
Onboarding to the networks
The first step is for the merchant to set up a connection and configuration with the networks. Payrails works as an on-behalf-of token requestor and handles the heavy lifting of the integrations with the networks for the merchants. Meanwhile, Payrails merchants become the Token Requestor, to which the ownership of the tokens belongs to them.
Each network has a different onboarding process, requiring a different set of information. Payrails handles this complexity and provides a network-agnostic onboarding process to its merchants. All the merchant has to do is decide which networks to provision network tokens and get onboarded to the networks via the Payrails Portal by providing the network-specific information that needs to be submitted.
Creating network tokens
You can configure a default behavior if you want to provision network tokens in every tokenization request to Payrails. You can decide and send it to each request, which can override the default configuration.
You can also set up rules custom to your business. Payrails helps its merchants identify the optimal rules according to their business performance and goals. Cost, authorization rate, and user experience are the three most important aspects that have to be optimized here.
When a Network Token is requested to be created (in other words, provisioned), sensitive information such as card number and security code is sent to the corresponding Network TSP named 'Token Service Provider', and Payrails receives a Network token reference and Network token. The data received by the merchant will be clarified during the integration according to the merchant's PCI DSS certification level.
There are multiple ways Payrails provides their merchants to use Network Tokens, depending on your needs and your current/objective PCI DSS scope:
| Integration Type | Scope | Integration Effort | PCI DSS Scope |
|---|---|---|---|
| Payrails as Payment Orchestrator | Setup as many provider connections as needed via Payrails, Process payments with those PSPs via a single PSP-agnostic API, Optimize the authorization by leveraging multiple token types during the authorization (Vault token, Network token, provider-specific token, etc.). | High | Low |
| Payrails as Token Vault Provider | Keep your existing provider integrations on your platform as is, Use Payrails to tokenize all sensitive information with its PCI DSS-certified Token Vault, Set up a connection to the provider you wish Payrails to send/receive the sensitive data on your behalf. | Low | Low |
| Payrails as Network Token Service Aggregator | Keep your existing provider integrations on your platform as is, Use Payrails to provision a network token on your behalf using any network you choose. Receive the network token and the cryptogram from Payrails and send those sensitive data to the provider from your platform. | Low | High |
Using network tokens
As explained so far in this guide, network tokens are created by the Token Service Providers (TSP) and obtained from TSPs by Payrails. The next step after creation is using the network tokens, where the TSP should also obtain a secure cryptogram for the particular transaction that a customer initiates.
After obtaining the network token and the cryptogram, they should be passed to the payment service provider that processes the payment. Then, they will be passed to the acquirer, followed by the issuer, who receives the result from the same chain until the merchant’s customer.
The cryptogram requirement differs from one network to the other. It will be always required to process customer-initiated transactions (CIT), will be required for subsequent subscription/recurring merchant-initiated transactions (MIT) for some of the networks, for certain conditions. Payrails handles all the network TSP-specific requirements on behalf of the merchant and steers the merchant integration flow accordingly.
Updated about 2 months ago