Zabezpečení

Tokenizace sítě

Zvyšte bezpečnost a snižte rozsah PCI převodem údajů o kartě na síťové tokeny. Tokenizace sítě Cardflo nahrazuje citlivá čísla karet jedinečnými tokeny generovanými platební sítí, které zůstávají platné, i když se podkladové údaje o kartě změní.

Tím se chrání zákaznická data a zefektivňuje soulad.

Kategorie
Zabezpečení
Schopnosti
10
Dostupné na
Všechny plány
Požádat nyní

Přehled

Network tokenisation is a security and data management protocol where a Primary Account Number (PAN) is replaced by a unique digital identifier, or token, issued directly by the card schemes like Visa or Mastercard.

Unlike proprietary gateway tokens which only function within a specific provider's environment, network tokens are interoperable across the payments ecosystem. The process involves the merchant or their PSP requesting a token from the scheme via the acquirer.

Once issued, this token is stored in the merchant vault for future transactions. Because the token is linked to the underlying account rather than the static card details, it remains valid when a physical card is replaced or expires.

This mechanism reduces the risk of data exposure during transit and storage while ensuring that payment credentials remain synchronised with the issuer's records.

It sits at the infrastructure level of the payment stack, providing a layer of security that satisfies various PCI DSS requirements while potentially improving authorisation success.

Jak to funguje

  1. Token provisioning and request

    The process begins when a cardholder enters their PAN during a transaction. The merchant or payment service provider sends a request to the card scheme to provision a network token.

    This request typically includes the PAN and specific metadata to verify the legitimacy of the merchant account before the scheme generates the token.

  2. Mapping and vault storage

    The card scheme generates a unique network token and maps it to the cardholder's account. This token is returned to the merchant or vault provider to be stored for future use.

    The actual PAN is never stored in the merchant's local environment, significantly limiting the scope of sensitive data exposure.

  3. Cryptogram generation for authorisation

    When a subsequent payment is initiated, a unique, one-time-use cryptogram is requested for that specific transaction. This cryptogram is bundled with the network token and sent through the payment gateway to the acquirer.

    The issuer receives these details and validates the cryptogram to authorise the payment request securely.

  4. Lifecycle management and updates

    The card schemes maintain a real-time link between the network token and the cardholder's account. If a card is lost, stolen, or expires, the scheme updates the token mapping automatically.

    This ensures that the merchant can continue to process transactions without requiring the customer to manually update their payment details.

Proč na tom záleží

Improved authorisation performance

Traditional card-on-file transactions often fail due to expired credentials or reissued cards. Network tokens mitigate this by maintaining a persistent link to the funding account.

Industry data suggests that issuers often view network-tokenised transactions as higher trust because they include scheme-validated cryptograms. This increased trust can lead to a measurable uplift in authorisation rates and a reduction in false declines across various geographies and card types.

Reduction in PCI scope

By utilising network tokens, merchants minimise their exposure to sensitive cardholder data. Since the token cannot be reversed to find the original PAN outside of the scheme's environment, the risk associated with data breaches is substantially lowered.

This allows businesses to adhere to PCI DSS standards more easily, potentially reducing the cost and complexity of annual security audits while maintaining a robust defence against unauthorised data access.

Cost optimisation and scheme incentives

Card schemes frequently incentivise the adoption of network tokenisation to enhance ecosystem security. This may manifest as lower scheme fees for tokenised transactions compared to plain-text PAN transactions.

Furthermore, by reducing the frequency of expired card declines, merchants can lower the operational costs associated with dunning processes and customer service inquiries related to failed recurring payments or subscription renewals.

Případy použití

Subscription and recurring billing

For businesses relying on monthly subscriptions, network tokens prevent churn caused by card expiry. The token stays active even if the physical card is replaced, ensuring uninterrupted service for the cardholder and consistent revenue for the merchant.

One click guest checkout

E-commerce platforms can offer returning customers a faster checkout experience without storing sensitive PANs. By retrieving the network token, the merchant provides a smooth user journey while the security remains managed by the underlying card scheme architecture.

Marketplace payment processing

Platforms managing multiple sub-merchants can utilise network tokens to secure data across their entire ecosystem. This centralises security while allowing individual participants to benefit from high authorisation rates and reduced compliance overhead in a complex regulatory environment.

Mobile wallet integration

Mobile wallets frequently use tokenisation protocols to secure card details on devices. Network tokenisation allows merchants to bridge the gap between web-based checkouts and mobile environments, maintaining a consistent security posture across all digital customer touchpoints.

V číslech

2% – 5%
Authorisation Uplift

This range represents typical industry observations for merchants moving from PAN-based storage to network tokens, largely due to reduced declines on expired or reissued cards.

20% – 30%
Fraud Reduction

Industry studies suggest a significant decrease in fraud rates for tokenised transactions, as the lack of sensitive PAN data minimises the utility of intercepted payment details.

100%
Token Refresh Rate

This indicates that within the scheme environment, token mappings are designed to reflect the current status of the underlying account automatically, assuming issuer participation in the scheme's lifecycle services.

Ready to route with Tokenizace sítě?

Talk to our team about a live rollout on your acquiring stack.

Požádat nyní

What you get with Tokenizace sítě

  • Nahrazuje citlivá PAN bezpečnými síťovými tokeny.
  • Snižuje zátěž souladu s PCI DSS pro obchodníky.
  • Udržuje platnost tokenu i při vypršení platnosti karty nebo opětovném vydání.
  • Zlepšuje míru autorizace snížením zamítnutí pro expirující karty.
  • Chrání před narušením dat tím, že nikdy neukládá skutečná čísla karet.
  • Usnadňuje bezpečné opakované platby a nákupy jedním kliknutím.
  • Supports Merchant initiated Transactions and Customer Initiated Transactions via secure tokenised paths.
  • Minimises the need for manual customer intervention to update saved payment methods.
  • Facilitates compliance with regional data protection regulations by pseudonymising sensitive financial information.
  • Enables access to scheme-level incentives and potential reductions in per-transaction processing costs.
See Tokenizace sítě on your acquiring stack.

A short scoping call, then a written plan for your MIDs.

Požádat nyní

Questions about Tokenizace sítě

Co je tokenizace sítě?

Tokenizace sítě je proces nahrazení primárního čísla účtu (PAN) jedinečným, šifrovaným tokenem generovaným karetními sítěmi (Visa, Mastercard atd.) Tento token se používá pro transakce, nikoli skutečné číslo karty, čímž se zvyšuje bezpečnost.

Jak tokenizace sítě snižuje rozsah PCI?

Nahrazením skutečných čísel karet síťovými tokeny již obchodníci neukládají ani nepřenášejí citlivá data držitelů karet. To významně snižuje rozsah souladu s PCI DSS, protože méně systémů zpracovává nezpracovaná PAN, což zjednodušuje audity a bezpečnostní opatření.

Zlepšuje tokenizace sítě míru autorizace?

Ano, tokenizace sítě může zlepšit míru autorizace. Síťové tokeny jsou automaticky aktualizovány karetními sítěmi, pokud vyprší platnost podkladové karty nebo je znovu vydána, čímž se zabrání zamítnutím kvůli zastaralým údajům o kartě v scénářích opakované fakturace nebo uložených karet.

Is network tokenisation supported globally by all banks and issuers?

Adoption of network tokenisation is widespread among major global schemes and large issuers, but it is not yet universal. Some smaller regional banks or issuers in developing markets may not fully support the cryptogram validation required for network tokens.

In these instances, payment systems typically fall back to using the PAN or a standard gateway token. Merchants often use a hybrid approach to ensure maximum coverage while still benefiting from tokenisation where available.

Does implementing network tokens increase the latency of my checkout process?

The initial provisioning of a network token adds a small amount of communication between the PSP and the card scheme, but this is typically handled during the first transaction or when a card is saved.

Subsequent transactions using a stored token are comparable in speed to traditional authorisation requests. The efficiency gains from higher authorisation rates and fewer declines generally outweigh any marginal increase in initial processing time for the provisioning step.

Can network tokens be used for both CIT and MIT transactions?

Yes, network tokens are designed to support both Customer Initiated Transactions, such as an e-commerce checkout, and Merchant Initiated Transactions, such as recurring subscriptions or unscheduled top-ups. Each transaction type requires specific flags during the authorisation request to inform the issuer of the context.

For CIT, the cardholder is present and may undergo SCA, while MIT relies on the pre-existing agreement and the secure network token.

How does network tokenisation impact my chargeback and dispute processes?

The dispute process remains largely unchanged from a merchant's perspective when using network tokens. If a customer disputes a transaction, the merchant still receives a notification through their acquirer.

However, the use of network tokens and unique cryptograms can provide additional evidence that the transaction was authorised securely. This may assist in the representment process for certain types of disputes, although it does not provide an absolute guarantee against chargebacks.

Začít

Připraveni na rychlost?

Řekněte nám o svém podnikání. Spojíme vás s těmi správnými akvizičními partnery a správnou cestou, obvykle do týdne.

Požádat nyní
Požádat nyní