A token is a value that goes securely through the network to process payments without exposing actual card data. Tokenization aims to replace or represent specific sensitive information without compromising its security.<\/p>\n
The 16-digit payment card account number is replaced with a unique digital identifier, or the \u201ctoken,\u201d for mobile and online transactions. The tokens are randomly assigned, so it\u2019s near impossible to reverse-engineer or compromise a token.<\/p>\n
Physical tokenization has existed since the invention of currency. Token coins replaced actual coins or banknotes in physical tokenization. These token coins have a real identity and value but limited usage. For example, casino tokens can only be used inside casinos.<\/p>\n
The concept of digital tokenization came from the idea of physical tokenization. In 2001, Trust Commerce created the concept of tokenization to protect sensitive payment data for a client. After that, tokenization has gained acceptance worldwide with the involvement of card networks like VISA, Mastercard, American Express, Discover, and JCB, and payment platforms like Apple Pay, Samsung Pay, and Google Pay, facilitating tokenization in retail payments through mobile devices.<\/p>\n
Tokenization benefits the payments industry in the following ways:<\/strong><\/p>\n There is the different basis of classifications of tokens. It can be based on usage, formats, value and so on.<\/p>\n Specific format-preserving tokenization schemes maintain the IIN (first six digits) and the last four digits of the card number.<\/p>\n How does tokenization work for card payment transactions?\u202f<\/strong><\/p>\n Let us assume that a merchant has implemented tokenization. The card network that will process the payment transaction is the Token Service Provider.<\/p>\n An organization might self-manage tokenization or use tokenization as a Service (TaaS) offered by other third-party service providers.<\/p>\n Various credit card providers have tokenization mechanisms. Two of the most well-known are the Visa Token Service (VTS) and Mastercard\u2019s Digital Enablement Service (MDES).<\/p>\n Some of the other tokenization providers in the market are Fiserv, American Express, TokenEx, 3D Delta Systems, Meawallet and BellID.<\/p>\n Conclusion<\/strong><\/p>\n\n
\nMerchants store tokens instead of credit card numbers in their POS machines, mobile wallets, and eCommerce platforms, so actual card data is protected from security breaches.
\nA new token is sent over the internet, instead of sensitive data, during an online payment transaction, so the card data is not exposed to hacking.<\/li>\n
\nPCI Requirement 1 \u2013Install and maintain a firewall configuration to protect cardholder data
\nPCI Requirement 3 \u2013Protect stored cardholder data
\nPCI Requirement 4 \u2013Encrypt transmission of cardholder data across open, public networks
\nPCI Requirement 9 \u2013Restrict physical access to cardholder data<\/li>\n\n
\n
\n
\n
\n
\nThe above two processes, token request and issuance, are part of Token Provisioning.<\/strong><\/li>\n\n