Technical
Tokenization
Definition
Tokenization replacing sensitive card data with a non-sensitive token that can be stored safely. Tokens are useless if stolen - they can only be used by the merchant they were created for. Enables card-on-file functionality without storing actual card numbers. Reduces PCI scope significantly. Network tokens (from Visa/MC) offer additional benefits including automatic card updates.
Related Terms
PCI-DSS
Payment Card Industry Data Security Standard - a set of security requirements for organizations that handle cardholder data. Compliance levels range from SAQ-A (simplest, for merchants using hosted payment pages) to Level 1 (most stringent, for large processors). Non-compliance results in fines and potential loss of card acceptance. Most merchants should minimize PCI scope by using tokenization and hosted payment forms.
Card-on-File
Storing customer payment credentials for future transactions without requiring re-entry. Essential for recurring billing, one-click checkout, and repeat purchases. Must use tokenization for PCI compliance. Card networks have specific rules including obtaining consent and identifying stored credential transactions. Network tokens improve approval rates for card-on-file.
Network Token
A token provisioned by the card network (Visa, Mastercard) rather than the PSP. Network tokens are updated automatically when cards are reissued, improving approval rates for stored cards. Also called scheme tokens. Offer better security and authorization rates than PSP tokens. Essential for subscription businesses to reduce involuntary churn.
Need help navigating payment terminology?
We speak fluent payments. Let us translate for your business.
Talk to Us