
Network Tokenization for Beginners

June 2, 2022

As consumers increasingly shop online - especially during the pandemic - cybercriminals have turned their focus to e-commerce fraud, including exploiting credit card processing. According to the Nilson Report, over the next ten years, our industry will lose over $400 billion to fraudsters.

Fortunately, the VGS Payment Optimization suite now offers Network Tokens, which let merchants improve security, mitigate fraud, and secure higher approval rates. Our solution is focused on improving credit card payment processing, and addresses the root causes of payment vulnerabilities, exploits, and data breaches - all while maintaining an excellent end-to-end payment experience.

What is a Payment Card Network?
 

What are Network Tokens?

Network tokens are non-sensitive values that are used to replace sensitive information, such as a credit card number or a primary account number (PAN). Throughout the payment ecosystem, they can be used for almost any business purpose - but they do not carry the security risks of collecting, storing, or processing the original sensitive data.

Network Tokens, as the name suggests, are payment credential tokens provisioned in partnership with the card networks. All of the major payment card networks - Visa, Mastercard, Discover, and American Express - are able to provision and validate network tokens, which may be unique to an e-commerce website, a specific channel, an Internet of Things (IoT) device, etc.

Below, we compare the most popular tokenization methods.

Proprietary Tokenization

Proprietary tokens (e.g. owned by a single payment service provider, or PSP) are used by merchants to secure sensitive customer data-at-rest (e.g. card-on-file data). They protect information prior to payment and descope merchants from PCI. However, proprietary tokens are not interoperable throughout the payments ecosystem, because they are only recognized by the PSP in question. Before they can be sent to a payment gateway or card network, the PSP must transform a proprietary token back into a PAN. Therefore, at checkout, sensitive data is still transmitted, which introduces risk in the later stages of the payment lifecycle.

PCI Tokenization

PCI tokenization replaces a PAN during certain stages of credit card processing, such as at the PSP/Acquirer stage. While this method provides some benefit to some entities within the credit card processing lifecycle, PCI tokenization also fails to properly protect token transmission in the later stages of credit card processing. In other words, there are still some stages of the payment process where the original, sensitive PAN data is transmitted and processed.

PCI Tokenization Diagram

Network Tokenization

Network tokenization is different. Here, tokens are issued directly from payment card networks in partnership with the issuing banks, which allows them to be used at each stage in the payment processing chain. For example, via network tokenization, a credit card brand can replace a 16-digit PAN with a unique 16-digit token that can be recognized at every stage, and by every entity, in the credit card payment process. Thus, network tokens provide incredible value to cardholders and merchants by preventing the transmission of sensitive information anywhere in the payment processing lifecycle.

VGS works directly with major card networks, such as Visa and Mastercard, to replace 16-digit PANs with unique 16-digit token identifiers. This identifier is then passed to the merchant, which allows them to process payments through VGS, with authentication, and without exposing sensitive card information. While a proprietary token can only be processed by the PSP that originally issued it, VGS Network Tokens are interoperable between PSPs, and recognized by card networks and card issuers. Thus, VGS Network Tokens simultaneously increase functionality and mitigate the risk of fraud.

Network Tokenization Diagram


Benefits of Network Tokens

Interoperable VGS Network Tokens provide numerous advantages over other tokenization methods, including:

  • Automated card lifecycle management
  • Enhanced security
  • Fraud mitigation
  • Lower operational costs

Automated Card Lifecycle Management

Every business contends with customer attrition - and its impact on sales. However, customer attrition is often the result of simple changes to an underlying account, such as card replacement, suspension, or closure. VGS Network Tokenization minimizes customer attrition by automatically keeping card credentials up to date, and by reducing false positive declines. This results in higher customer retention, increased payment approval rates, more sales, and increased revenue.

Enhanced Security

Network tokenization replaces sensitive PANs with unique token identifiers, which are used throughout the payment processing lifecycle - from issuer to PSP, processor, and acquirer. When a network token is lost, hacked, or stolen, criminals cannot access the original sensitive data. Even if a malicious user breaches a payment network or its communication channels, they only gain access to junk surrogate data. Thus, network tokens offer superior security for everyone in the card processing ecosystem, including merchants and cardholders.

Fraud Mitigation

The current high level of fraud in the credit card processing ecosystem is both unnecessary and unsustainable. Indicators of fraud lead to card suspension, denial, and reissuance. In the meantime, customers cannot obtain goods and services, and merchants are left holding the bag. VGS Network Tokens provide end-to-end security, covering the entire credit card processing lifecycle, which greatly mitigates the risk of fraud. The surrogate nature of a network token means that a card does not have to be denied or suspended. And network tokens are domain specific, so their replacement can be isolated to a particular merchant.
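A toy model of the properties described above (one token per merchant domain, card reissue without re-tokenizing, and replacement isolated to a single merchant), added here as an illustration and not VGS or card-network code. The `ToyTokenVault` class, its methods and the `.example` domains are hypothetical, and the card numbers are constructed test values.

```python
import secrets


class ToyTokenVault:
    """Constructed stand-in for a card network's token vault (not a real API)."""

    def __init__(self):
        self._tokens = {}  # token -> {"pan", "domain", "active"}

    def provision(self, pan, merchant_domain):
        # Random 16-digit surrogate: no mathematical link to the PAN.
        while True:
            token = "".join(secrets.choice("0123456789") for _ in range(16))
            if token not in self._tokens and token != pan:
                break
        self._tokens[token] = {"pan": pan, "domain": merchant_domain, "active": True}
        return token

    def detokenize(self, token, merchant_domain):
        # Only the vault maps token -> PAN, and only for the bound domain.
        entry = self._tokens.get(token)
        if entry is None or not entry["active"]:
            raise PermissionError("unknown or suspended token")
        if entry["domain"] != merchant_domain:
            raise PermissionError("token used outside its domain")
        return entry["pan"]

    def reissue_card(self, old_pan, new_pan):
        # Lifecycle management: the card changes, merchants keep their tokens.
        updated = 0
        for entry in self._tokens.values():
            if entry["pan"] == old_pan:
                entry["pan"] = new_pan
                updated += 1
        return updated

    def suspend(self, token):
        # Replacement isolated to one merchant: other tokens stay valid.
        self._tokens[token]["active"] = False


def demo():
    vault = ToyTokenVault()
    pan = "4111111111111111"  # constructed test number
    shop = vault.provision(pan, "shop.example")
    music = vault.provision(pan, "music.example")
    vault.reissue_card(pan, "4012888888881881")  # card replaced by issuer
    vault.suspend(shop)                          # only shop.example is affected
    return vault, shop, music
```

After `demo()`, the `music.example` token still resolves (to the reissued card), while the suspended `shop.example` token, or any token presented under the wrong domain, is refused.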

Lower Operational Cost

The Payment Card Industry Data Security Standard (PCI DSS) protects credit card vendors, in part by requiring audits for data that is “in scope,” such as sensitive card information that is accessible (and potentially exploitable) in cleartext. VGS Network Tokens replace a 16-digit PAN or credit card number with a unique and random 16-digit token identifier. Because an identifier has no exploitable association with the original sensitive information, it does not fall within PCI DSS scope, and is not subject to its auditing requirements. Furthermore, by using network tokens, merchants can reduce the processing costs of their e-commerce based transactions, per Visa/Mastercard, by 5 to 10 basis points (BPS).

Ready for VGS Network Tokens?

If you're ready to see how VGS Network Tokens can improve your payment processing operations, check out our Network Tokens product today.

Kenneth Geers, PhD

Information Security Analyst at VGS
