Token systems have been used for millennia and are a significant function of human society. Money, dowries, white flags, and wedding rings are all examples of tokens – something that stands as a symbol or surrogate of something else. In the modern world, you are likely to hear about tokens in technological discourse. For example, cryptocurrency is often referred to as a token. And this is where the idea of payment tokenization comes in.
So, what are payment tokens? How do they work? And how do we use them?
We are going to take a look at answering all of these questions and more as we ask, what is payment tokenization?
What is payment tokenization?
Payment tokenization is a payment process that works to protect users’ sensitive financial information by using an algorithmically generated number in its place, known as a “token”. Tokenization is used in many online transactions to protect both the buyer and the seller from internet fraud.
Ultimately, the goal of tokenization is to stop online scammers from accessing your data for fraudulent purposes. This is done by replacing your credit card’s primary account number (PAN) with a token that does not contain any of your real information.
So let’s jump in and find out what exactly is a token?
What is a token?
A token is anything that serves as a surrogate for another thing and stands as a representation of the original. For example, paper money is a token as all British Sterling notes say: ‘I promise to pay the bearer the sum of…’ (five pounds etc.). Paper money is a token for the goods and services that it is able to pay for.
Another example is the chips you use in poker. When you play poker, the chips are used as tokens for money. Professional poker players throw the representative chips into the middle of the table instead of throwing thousands of pounds.
Likewise, if you have ever been to a funfair or theme park, you will often exchange your money for tokens. In this scenario, it is so that theft is less likely (as the thief can only spend the tokens within the park) and so the theme park organizers can put a charge on the tokens and make more money themselves!
So, when it comes to online payment tokenization, the token is a piece of data that represents another piece of data; your bank card details. The token itself has no value, but what it represents does.
How does payment tokenization work?
Payment tokenization ensures that the details of the buyer are kept safe and secure.
When you make a purchase from an online store you input your name, card details, and other sensitive information such as your address or date of birth. All of this information can be hijacked by hackers who have the skills to breach a weak network and extract all the information they need to fraudulently use your details to make their own purchases.
Alternatively, if you make a purchase from an online retailer that uses tokenization, then the tokenization system intercepts your card details and uses an algorithmic code to translate those details into an indecipherable string of numbers and letters. Therefore, if anyone were to intercept it, it would be entirely meaningless to them.
This means that even if a token system is hacked, the users’ details are safe because they cannot be meaningfully interpreted. This is what distinguishes tokenization from encryption.
How is tokenization different from encryption?
Encryption changes sensitive data using mathematics, which means that the original pattern is present within the new code. This means that encrypted data can be decrypted by advanced hackers who have the means to crack such codes.
With tokens, there is no mathematical relationship between the string of numbers and letters (the token) and the original details. This is crucial as it means that the tokens cannot be retranslated or returned to their original form based solely on the token’s information. Therefore, even if the token system were breached, the tokens and the cards they represent would still be safe as they cannot be tokenized.
Detokenization refers to the opposite process of tokenization and is the reconversion of the token back to its original form.
What are the different types of tokens?
There are no official classifications of payment tokens. However, the difference between high and low-value tokens is often marked as a key distinction.
Payment tokens may either be single-use (Low-value tokens), for purposes such as one time purchases, or persistent (High-value tokens), for purposes such as repeat purchases and recurring transactions.
High-value tokens (HVTs)
HVTs are used for multiple and recurring transactions. They must look like a credit card’s actual primary account number in order to function properly. An HVT can be used in lieu of a bank card itself.
Multiple HVTs can link to a single physical credit card without the user being aware of it. HVTs can also be tied to a specific device (such as a phone) so that any anomalies between the use of the token and the device (such as physical location) can be flagged as potentially fraudulent.
Low-value tokens (LVTs)
LVTs are similar to HVTs but they are used for single purchases. This means that each time an LVT is generated it is only used once.
Therefore, an LVT cannot be used in and of itself to complete a transaction as it is not continuously tied to a credit card, like an HVT. This means that an LVT must also be able to be linked back to the original Primary Account Number in a secure fashion.
Where can you find payment tokens?
Most of the big online retailers use payment token systems. And if you have ever used apps and platforms such as Apple Pay or Google Pay, you too have used a tokenized system on a payment platform.
On these platforms and apps, you will often find that your card details have been stored. However, your details are not stored online or in your digital wallet. Instead, it is the tokens that represent your information that is stored and used for transaction purposes.
Why do we need tokenization?
Everyone (apart from the online fraudsters and hackers) benefits from tokenization.
Online shopping has become ubiquitous over the last decade and it has never been easier to have the exact product you want to be delivered to your door in a matter of days. Unfortunately, the ease and ubiquity of online shopping has been accompanied by the inevitable rise of data breaches.
Although more and more online stores are adopting token systems, they are still the most common places for data breaches to take place. Nevertheless, if a hacker attempts to steal from an online store that has a token system, they will find themselves unable to use the token other than in that same store, which will also then make them easily trackable once they have used it.
The primary aim of a tokenization system is to protect both online merchants and buyers from fraud, though tokenization is also used by businesses that hold sensitive data within their systems. This could be further credit card data, employee addresses, medical information, tax codes, or anything else that should remain secure.
By using token systems, businesses can operate in the knowledge that they are far safer and more secure than they would be without it.
How do payment tokens differ from EMV chips?
Europay, Mastercard, and Visa (EMV) chips are the small square chips on your bank cards that hold all the information of the cardholder and their bank accounts. They can only be read by certain readers, which makes them far less susceptible to fraud than magnetic strip cards.
The EMV chip generates a unique code for each purchase that can only be verified by certain systems. So the principle is largely similar to that of tokenization.
However, EMV chips are only designed for in-person transactions, whereas payment tokens are for online purchases.
Are payment tokens completely secure?
No system can offer completely watertight payment security and absolutely guarantee the prevention of a payment data breach. A payment token system can still be susceptible to simple human error, innovative malware, or phishing messages and emails. Online hackers will often find new ways of defrauding systems and organizations.
If a payment token system is hacked, the only information the hackers then have are the meaningless strings of numbers and letters that form the tokens. So a payment token system can be hacked, but the hackers would find little use for what they find.
However, individuals’ details can always be found through different nefarious means and those details can then be used to access the passwords to the tokens. For example, you may open a phishing email that can then access your personal information and the hacker on the other side may then find a way to use that information to access your tokens.
So you must always be vigilant when buying online, even if it is via a payment token.
Cryptocurrency and payment tokens
The word “token” is often used in conjunction with cryptocurrency and many people even use the terms synonymously. You may also hear cryptocurrencies such as Bitcoin described as a “crypto token”.
The reason for this is that all cryptocurrencies are in fact tokens. Cryptocurrency is used as a representative of real money and can be used to purchase things online. Your real-world money is entirely safe from anyone who hacks your crypto account as there is no codable link between your money and your crypto.
However, as more and more places begin to accept cryptocurrency as a form of tender, the risks associated with crypto theft are greater. This is because thieves have increasingly more places online in which they can use crypto. So a token produced by a token system tied to Amazon, for example, can only be used to purchase from Amazon. But with crypto, although it is technically a token, it can be used in multiple places.
What are prepaid cards?
You can now find prepaid cards, such as those offered by Getsby, that allow you to simply transfer cash to your prepaid virtual card and then make purchases online, safe in the knowledge that all the transactions are secure.
With a prepaid card, you simply transfer small amounts of cash at a time knowing that the details of your bank account are not going to be shared or hacked in any way.
Getsby offers both a disposable virtual card and a carbon-neutral virtual card that you can use to pay for all of your online transactions.
The rapid rise in online shopping has been accompanied by a similar rise in the amount of online credit card fraud that is committed. Hackers continuously find new ways of accessing sensitive information and user details that they can then use to commit theft.
Payment tokenization uses a surrogate token in place of your sensitive bank card details to make online transactions in order to keep your details safe. It functions in the same way that many other token systems have functioned for centuries, but it operates in the digital world.
Many online stores now use payment token systems, but there are also many places that do not. You can opt to use a virtual card such as Getsby to make sure that all of your online purchases and future transactions are processed through a token system and that your payment details are kept entirely safe.