Executive Summary:

Network tokens are becoming the gold standard for protecting customer payment data. Issued directly by the major credit card networks, network tokens offer unmatched transaction security, lower fees, higher authorization rates and streamlined compliance, among other benefits. Their adoption is now near universal among payment service providers, and their popularity is surging with merchants. As adoption accelerates, network tokens are supplanting processor tokens as the industry’s preferred tokenization method, reshaping the payments security landscape. For front-line service providers, offering network token support is becoming a baseline expectation and a critical value-added service necessary to stay competitive.

Introduction:

Customer payment data is a high-value target that makes cyberattackers salivate. Credit card networks, payment processors and merchants go to great lengths to keep it safe, and the latter two face huge penalties and even huger remediation costs for failing to do so. Today, network tokens are emerging as the industry standard processors and merchants turn to for protecting card data and walling off cyber threats, and adoption is skyrocketing.

Network tokens are exploding because they have a lot to offer over the solutions they’re replacing. They provide better security from cyberattacks and fraud – not just for merchants, but for everyone in the payments chain. They offer better authorization approval rates for merchants, which boosts revenue and improves the customer experience. They offer lower interchange rates in many countries. And they offer a new revenue opportunity for payment service providers (PSPs), both through increased residuals on approved transactions and on the fees that can be charged for providing easy-to-sell token management solutions.

In this article, we’ll take a deeper look at the network token value proposition, the state of their adoption, and the opportunities their rise presents to both merchants and PSPs.

What are Network Tokens and How Are They Different?

Tokenization is the process of replacing sensitive customer data with a randomly generated data string that contains no sensitive information and is useless to bad actors.

The key piece of data the token replaces is the customer’s Primary Account Number (PAN) – without which credit card fraud is not possible. The token provider stores the customer’s payment data on its own servers and creates tokens to represent it that are unique to each combination of cardholder and merchant. So no two merchants will have the same token even if they’re processing the same card. When a merchant needs to access the customer’s card, it can call the token from its database – known as a token vault – and send it through the network for authorization, processing a payment without ever being exposed to the customer’s card information.

Being able to access card-on-file payments without actually having the card on file is a huge boon for merchants. It enables recurring payments for subscriptions and memberships, one-click signed-in checkouts and more, while freeing the merchant from the threat of expensive data breach remediation.

Network Tokens vs. Payment Tokens

Tokenization is not new, but for many years, most merchants only had access to one type of token – payment tokens issued by processors. These large PSPs took responsibility for storing customer card data and issuing their own secure tokens as a value-added service to offer merchants.

Today, the credit card networks themselves are increasingly providing that service – known as network tokenization. Network tokens are issued directly by the network badged on a cardholder’s credit card, the big four being Visa, Mastercard, Discover and American Express. The tokens act in the exact same manner as processor payment tokens, but they skip the middleman altogether, simplifying the process and removing one additional data storage point, reducing the attack surface.

The Current State of Network Token Adoption

Network tokens have technically been around for a while, but they were a slow starter up until recently. Today, network tokens are seeing very strong adoption among both merchants and payment service providers (PSPs). According to research from PYMNTS and Mastercard, 78.2% of merchants currently enable tokenization in general, and network tokens have surpassed processor payment tokens in popularity – 28.2% of merchants have opted to go solely with network tokens, versus 17.3% that only offer payment tokens. 32.7% currently offer both, but there’s a good chance that number is going to drift down as more merchants move to network tokens alone.

Merchant-side network token adoption also demonstrates a skew towards larger sellers. Merchants doing over $1 million in revenue per year are much more likely to use network tokens than smaller merchants, 40% of whom have yet to adopt tokenization at all.

On the provider side, network tokens have been almost universally adopted. 88% of PSPs now support network tokenization, with 75% offering it alongside payment tokens and 13% offering it as their only tokenization solution. Those numbers may also trend towards more providers offering only network tokenization as coverage gaps close up and the need for processor payment tokens lessens.

Why Network Tokens are Better Solutions That Will Soon Dominate Tokenization

Network tokenization is already eating into processor-side tokenization. While a small percentage of merchants may opt to use both to ensure complete coverage, the vast majority will only use one or the other.

Network Tokens Take Transaction Security Directly to the Source

The core value proposition of tokenization is security. By replacing the PAN with a unique and non-sensitive piece of data, tokenization walls off bad actors. A hacker could steal a merchant’s entire token vault and it would be completely useless to them because the tokens are randomly generated and can’t be traced back to a PAN in any way. But that is

Network Tokens Reduce PCI Compliance Burden and Liability

Because the card networks also control the Payment Card Industry Data Security Standard (PCI-DSS), trusting them with tokenization is an ideal way to minimize both PCI compliance burden and potential liability.

Network Tokens Reduce False Positives and Boost Approval Rates

Network tokens offer two big benefits to transaction approval rates: they’re highly trustworthy and they automatically update.

Network Tokens Offer Better Interchange Rates

The major card networks want merchants to use their network tokenization solutions, and they financially incentivize them to do so through interchange rates. In some cases, discounts are offered. Visa, for instance, sets interchange fees as much as 10 basis points (0.1%) lower for network tokenized transactions in certain countries, including the U.S. and Canada.

What It All Means for Payment Service Providers and Merchants

Ultimately, network tokens are likely to become the baseline standard for transaction security and the vast majority of merchants will use them. In the meantime, the availability of this enhanced tokenization solution has some big implications for both merchants and their processing partners.

Better Security and More Money Now Go Hand in Hand

The main selling point for merchants is that network tokens offer them better security

There is No Time for PSPs to Hesitate on Adopting and Offering Network Tokens

For service providers, network tokens offer the same benefits, but from a slightly different angle. On the security side, merchants utilizing network tokens are less susceptible to fraud, the losses from which ultimately impact the service provider. That means PSPs benefit from having their merchants on network tokens. That’s one reason PSPs may choose to pass the savings on interchange through to merchants. But, they don’t have to.

Originally posted on Digital Payments Intelligence, at DPIntel.com.