Payment Method Tokenization
Learn how payment method tokenization secures sensitive data and enhances security for your payments
For software businesses, payment tokenization enhances security by reducing the risk of data breaches and fraud. It allows you to handle payment transactions without storing sensitive data, minimizing liability and compliance requirements. For your customers, tokenization enables you to offer them a safer and more secure payment experience, which can enhance trust and loyalty.
This guide covers the fundamentals of payment tokenization.
Tokenization process
Payment tokenization involves replacing sensitive payment data, such as credit card numbers or bank account details, with randomly-generated tokens. Then, you can use these tokens to make secure transactions without exposing actual payment information.
When a customer initiates a transaction, the payment system generates a token that represents their payment information, such as credit card or bank account details, and passes that token along instead of the information itself. The token then moves through the payment process and is stored in your business’s payment platform for future use. If a hacker or other bad actor intercepts the token, it’s useless because it doesn’t contain sensitive data.
This diagram shows how payment tokens work for software businesses and their customers, and where Payabli comes in during the payment tokenization and transaction process. The customer sends a payment, which is saved as a stored token for future transactions. The merchant then processes the transaction through Payabli, receiving transaction details. Finally, the merchant sends a receipt back to the customer, completing the payment cycle.
Payment token forms
Tokens come in different forms. There are three well-known forms.
Traditional payment tokens
Traditional payment tokens are generated by replacing sensitive payment card details, such as credit card numbers, with a randomly-generated string of characters. Many PCI-certified gateways and processors have this functionality. Because your payment service provider manages these tokens, they tend to be the easiest and cheapest method to manage recurring payments.
For traditional tokens, Payabli supports both merchant tokens and universal tokens.
Device tokens
Device tokens are associated with specific devices, such as smartphones or smartwatches, and are used in mobile payment systems like Apple Pay, Google Pay, or Samsung Pay. Instead of using the primary account number, the payment system generates a unique token tied to the device’s secure element or software.
Network tokens
Unlike traditional tokens or device tokens, which are generated by merchants or payment processors, network tokens are created and managed by the card networks themselves. A big benefit of network tokens is that they can be automatically updated because they’re linked to the issuer. For example, a customer has a recurring payment and their card expires. The card issuer sends them a card with a new expiration date, and the network token used in the recurring payment is automatically updated with the new card information.
Payabli supports network tokens.
Tokenization types
This section helps you understand the kinds of tokenization that Payabli supports.
Some tokenization types are available only in certain accounts. Contact the Payabli team if you have questions.
During the integration process, the Payabli team helps you select the appropriate tokenization type for your needs.
Payabli has three different tokenization types for saved payment methods:
- Merchant Token
- Universal Token
- Network Token
Note that tokenization types for payment methods, like those described in this doc, have nothing to do with API tokens used for authentication with Payabli. For help with API tokens, see Authentication and API Tokens.
Merchant tokens
Merchant tokenization refers to a token that’s limited to use with a single merchant. This means you can use the tokenized method to make payments only with the merchant that created it. This is the default form of tokenization for most cases.
Example: A paypoint saves a customer’s card data. The paypoint isn’t configured for universal or network token types. You can use the storedMethodId only at this paypoint.
Universal tokens
Universal tokenization creates tokens that can be used across your portfolio with the same processor. This means you can use the tokenized method to make payments with your organization’s different merchants connected to the same processor with universal tokens enabled.
Example: Your Payabli organization has several paypoints as part of a franchise that are all configured for universal tokens. One paypoint saves a customer’s card data. The customer could make payments at any of your franchise locations that support universal tokens.
Network tokens
Payabli supports American Express, MasterCard, and Visa network tokens. Discover network tokens aren’t supported.
Network tokenization creates tokens that can be used across your portfolio and outside of Payabli if the external provider supports network tokens. Network tokens can also be used at a non-Payabli affiliated gateway, if it supports network tokens. When you save a payment method using network tokenization, Payabli requests a token from the card network. These tokens are stored and managed at the network level.
Example: Your organization has several paypoints as part of a franchise that are all configured for network tokens. One paypoint saves a customer’s card data and uses the network token type. A customer could make payments at any of your franchise locations that are configured to support network tokens. The same token can also be used at the processor’s other merchants that support network tokens, like online retailers and service providers.
Industry examples
These examples can help you understand how tokenization can help software companies in different industries.
Let’s compare merchant, universal, and network tokens for a fictional fitness club management app, called FitClub Manager, that uses Payabli for payment processing.
In this example, each club location represents a separate paypoint in Payabli.
Merchant Tokens
- When a member signs up and pays their fees at a club that uses FitClub Manager, a unique token is issued that represents the member’s card details.
- The token only works at the club (paypoint) where the member signed up.
Universal Tokens
- When the member first signs up at a club that uses FitClub Manager, a universal token is issued that represents the member’s card details.
- This single token now works for all clubs (paypoints) that use FitClub Manager, regardless of location. The member can pay dues at Club A, pay for classes at Club B, and buy from the smoothie bar at Club C, using the same token.
Network Tokens
- When the member pays club fees on FitClub Manager, the Visa card network issues a token.
- The Visa token works for future Visa transactions for that member at any club that uses FitClub Manager. The member can pay dues at Club A, pay for classes at Club B, and buy from the smoothie bar at Club C, using the same Visa token.
- The member can use the same Visa token across the Visa network where supported.
For members who transact at multiple clubs managed by FitClub Manager, universal and network tokens provide the most seamless experience. They can use one saved payment method across all clubs and transactions in the platform.
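The merchant and universal scope rules described above, modelled for the FitClub clubs as an added example; this is not Payabli code and does not use the Payabli API. `ToyVault`, `Paypoint`, `can_charge`, the processor name, and the test card number are hypothetical, and network tokens are left out because the card networks manage them.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Paypoint:
    name: str
    org: str
    processor: str
    universal: bool = False  # is this paypoint configured for universal tokens?

class ToyVault:
    """Toy model only: card data stays inside the vault, callers hold random tokens."""

    def __init__(self):
        self._records = {}  # token -> (pan, token_type, origin paypoint)

    def tokenize(self, pan, paypoint, token_type="merchant"):
        if token_type == "universal" and not paypoint.universal:
            raise ValueError(f"{paypoint.name} is not configured for universal tokens")
        token = secrets.token_urlsafe(24)  # random; not derived from the PAN
        self._records[token] = (pan, token_type, paypoint)
        return token

    def can_charge(self, token, paypoint):
        record = self._records.get(token)
        if record is None:
            return False  # unknown token: nothing to charge
        _pan, token_type, origin = record
        if token_type == "merchant":
            return paypoint == origin  # usable only where it was created
        # universal: same organization and processor, and enabled at this paypoint
        return (paypoint.universal and paypoint.org == origin.org
                and paypoint.processor == origin.processor)

def fitclub_demo():
    pan = "4111111111111111"  # constructed test card number
    club_a = Paypoint("Club A", "FitClub", "proc-1", universal=True)
    club_b = Paypoint("Club B", "FitClub", "proc-1", universal=True)
    club_c = Paypoint("Club C", "FitClub", "proc-1")  # merchant tokens only
    clubs = (club_a, club_b, club_c)
    vault = ToyVault()
    merchant = vault.tokenize(pan, club_a)
    universal = vault.tokenize(pan, club_a, "universal")
    return {
        "pan_in_token": pan in merchant or pan in universal,
        "merchant": [vault.can_charge(merchant, c) for c in clubs],
        "universal": [vault.can_charge(universal, c) for c in clubs],
    }

if __name__ == "__main__":
    print(fitclub_demo())
```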
Token migration
Traditional tokens are stored with either the gateway or the processor. This means that those platforms are managing the token lifecycle on behalf of customers and the platform controls the data. If a merchant or independent software vendor (ISV) switches to a new gateway or processor, they must migrate all those saved tokens or risk losing them. Not having access to those tokens could have a massive impact on the merchant’s ability to process transactions and could affect their business operations overall.
Two key factors impact token migration:
- Token Portability: The outgoing provider must be able to export tokens.
- Token Migration: The incoming and outgoing providers must support migrations. They should be PCI-compliant and have a formal process to handle and transfer token information securely.
Token migrations can be error-prone, but Payabli has an experienced migration team and a clear process that keeps migrations short and smooth.
Learn more about token migration in the Migrate Tokenized Card Data guide.
Saving methods
Payabli offers several options for tokenizing and saving a payment method:
- API: use the direct-access API to save and manage payment methods.
- Embedded components: use the PayMethod UI or EmbeddedMethod UI to save a payment method.
- PartnerHub/PayHub: add a payment method for a customer from the customer overview.