Tokenization

Save payment information

Security is paramount when handling sensitive payment information. Tokenization is an additional security layer on top of encryption that protects this sensitive data. Tokens allow merchants to reference payment details stored in a secure vault for card on file transactions and recurring payments. These tokens can be stored by merchants without affecting their PCI DSS scope and without the risk of exposing sensitive customer information. 

What is Tokenization?

Tokenization refers to the process substituting sensitive data - such as a credit card’s PAN (Primary Account Number) and CVV (Card Verification Value) - with a so-called token. A token is a random series of characters containing no sensitive data. Instead, it serves as a reference to the data it replaces. 

A token thus serves as a security measure, and you can store tokens with no risk of exposing the underlying credit card data in the event of a data breach. This provides an additional layer of security for cardholders.

IXOPAY offers two types of tokenization, gateway tokenization and network tokenization.

Gateway Tokenization

Gateway tokens are tokens issued by IXOPAY and reference payment instruments stored in IXOPAY’s secure vault. IXOPAY tokens can be used with any payment provider connected via IXOPAY that supports the tokenized payment method. 

The following payment instruments can be stored and tokenized in IXOPAY:

  • Credit cards (VISA, Mastercard, Discover, JCB and American Express)
  • Bank account details (IBAN)
  • Google Pay account details
  • Apple Pay account details

Use IXOPAY’s Account Updater to ensure that credit card details stored in IXOPAY’s secure PCI Vault are always up-to-date.

Network Tokenization

Network tokens are issued by the credit card schemes themselves. IXOPAY provides network tokenization as a Token Requestor Aggregator service, approved by Visa and Mastercard, and stores the network tokens in our PCI vault.

Changes to the underlying card data are automatically updated by the schemes and do not require a new token to be generated. Instead, the existing token continues to reference the same card with updated information.

PCI tokenization process flow for transactions: A token consists of random characters that do not contain any sensitive data. The token refers to payment details that are stored in a secure vault. This increases security and allows merchants to store tokens for card-on-file transactions and recurring billing without the risk of sensitive data being exposed in the event of a data breach.

Avoiding Provider Lock-in with IXOPAY

Many PSPs provide their own tokenization services. However, these tokens only work with that provider, which leads to a high degree of dependence on a single provider and prevents you from switching to another provider with better conditions. It also poses a significant business risk in a volatile market; if the PSP goes out of business or decides to terminate your contract, you will need to find an alternative provider who will be unable to use your tokens. This can require customers to re-enter their card details and degrades the user experience.

Tokens issued by IXOPAY can be used to process transactions through any payment provider connected to IXOPAY. You can thus route transactions to whichever provider is best suited to process it - local providers typically have higher authorization rates and charge lower fees. Furthermore, you can implement automatic failover for transactions. If your primary PSP is unavailable for technical reasons or the initial transaction receives a soft decline, you can automatically retry the transaction via an alternative provider. This process is invisible to the consumer, and can result in a significant increase in sales. IXOPAY merchants report recovering up to 15% of initially declined transactions through such cascading.

Payment Orchestratioj beseitigt die Abhängigkeit von einem bestimmten Zahlungsanbieter. Der Wechsel des Anbieters ist einfach und erfordert keine zusätzliche Implementierung, da alle Anbieter über dieselbe API integriert sind.

Interested in learning more?

Let's schedule a tech demo!

Contact