Why online merchants should care about payment tokenization

Perhaps it sounds like just another boring technical buzzword, but if we told you that tokenization can save you big money (and plenty of hassle), make customers love you, and future-proof your omnichannel strategy, would you listen?

We thought so. It would be bad business not to.

Tokenization is the process of replacing a sensitive data element, such as a credit card number, with a surrogate, non-sensitive value. For example, when a customer enters a 16-digit card number on your checkout page, the number does not enter your system: instead, it is replaced with a randomly generated string of characters—a token.

The number one advantage is that tokens are useless for fraudsters. Unlike encryption, tokenization cannot be mathematically or logically reversed. So even if tokens are compromised or stolen, there is no way to link them to the safely stored payment information.

But besides this excellent security benefit, tokenization has multiple other virtues as well. Let us take a closer look at why tokenization should be a fundament of your online payment strategy.

Reduce your PCI scope and lower your costs.

For merchants, one of the main benefits of tokenization is to remove sensitive customer data from your environment.

Because tokens cannot be used to retrieve sensitive payment information, the Payment Card Industry Data Security Standard (PCI DSS) does not consider them as cardholder data. As a consequence, tokens can be routed through your environment without bringing any of the systems that process them into your PCI scope.

This way, tokenization takes the burden of managing and encrypting cardholder data off your shoulders, shifting most PCI compliance requirements from you to your token provider. Thanks to a lower PCI scope, compliance is easier and cheaper.

When tokenization of cardholder data is combined with additional measures, it can reduce your PCI scope and your costs even further. For example, Worldline's Client Side Encryption (CSE) integration option offers an additional feature for this exact purpose.

If you have integrated with Worldline’s CSE, when your customer enters their payment information the cardholder data is encrypted in the browser or application and sent to you as an encrypted payload even before it is sent to Worldline. This extra layer of security simplifies PCI compliance even further.

Offer a streamlined shopping experience.

Tokenization can also make your customers' payment experience much more convenient, without generating additional risk and PCI scope for you.

For example, tokens greatly facilitate payments with cards on file, including one-click payments. Payment data is safely stored in your customers' profiles in the form of tokens, either by yourself or by your Payment Service Provider. When repeat buyers come back to your site to make new purchases, they do not need to enter their payment details again, but can use their cards on file or go directly to one-click checkout.

You can also use tokenization in combination with extra security features for intelligent risk mitigation. For example, Worldline's payment platform enables you to let customers pay with cards on file, but still ask for the card's CVV number. This extra step is a minor effort for the customer, but the additional security could qualify you for better interchange rates.

Storing your customers' tokens also facilitates recurring payments such as subscriptions. While not all e-retail businesses lend themselves to this type of setup, consumers are adopting the subscription model for a surprising range of goods, from food and beauty products to socks, stockings and pet supplies.

Helping you keep your cards on file up-to-date.

Yet another advantage of tokenization systems is that they make it easy to keep card data up-to-date.

On average, 30 percent of your customer accounts will need to be updated every year because their cards expire, are stolen or replaced. When cards on file are no longer valid, transactions will be declined. Customers must be asked to provide updated card information, which causes friction and frequent dropouts.

With services such as Worldline's Account Updater, which is part of our Payment Tokenization solution, your customers do not need to do anything when their cards expire. Updated account information is automatically delivered to you by Worldline, so that you always charge a valid card and receive your payment on time.

The Account Updater service also enables significant cost savings by reducing the need to contact customers about card updates, manage declined transactions and even provide customer service.

Facilitating an omnichannel payment strategy.

Last, but not least, tokenization is a pillar of any effective omnichannel payment framework.

Tokenization enables you to identify individual customers across all your sales channels, so that you can offer them a truly seamless transition between physical, online and mobile stores. You can also track interactions anywhere, which gives you a unified view of your customers along with facilitating cross-channel loyalty and incentive programs.

However, not all tokenization systems are created as equal. Many are adapted to specific sales channels, and cannot accommodate different transaction environments or new payment methods. 

To future-proof your omnichannel payment setup, make sure that your payment service provider generates tokens that satisfy three key criteria:

They can be shared across all your sales channels.

They can be used by any system that currently uses Primary Account Numbers (PANs) as identifiers (for example, your POS, CRM and ERP systems), seamlessly and without substantial modifications.

Each card number has a unique token to allow for unified tracking and reporting.

In summary

Tokenization can make your life as an online or multi-channel merchant easier in many ways. The technology offers a simple and cost-effective way to secure your customers' payment data and reduce your PCI scope. You can offer repeat buyers a frictionless experience with always updated payment information, all the while building an effective omnichannel payment framework.

To learn more about optimizing payments in international e-retail, join our webinar "Best payment practices for successful e-retailers" on Tuesday, November 13.