Tokenization
Tokenization is a crucial aspect of data security, used to protect sensitive credit and debit card information. It replaces the sensitive data with unique identification symbols, also known as tokens. Tokens retain all the essential information without compromising security, and the real data is stored safely and securely in a token vault.
Tokenization enables you to handle payments without needing access to sensitive payment card data. It makes you compliant with Payment Card Industry (PCI) requirements and Self-Assessment Questionnaire A (SAQ-A). For more information about compliance options, see PCI Compliance.
Tokens
A token is an identifier for stored payment details. It can be used in all subsequent payment transactions to refer to those previously saved details. Tokens are in Primary Account Number (PAN) format and pass simple card validation rules. For example, they can be stored in place of credit and debit card numbers.
The token generation process attempts to make each generated token resemble an invalid card number.
Types of Tokenization
The Mastercard Gateway supports Credential on File (COF) Tokenization through two options. Both enhance the security of digital transactions and reduce the risk of card data being compromised. COF allows a merchant to save the payer’s payment credentials so that they can be used for future transactions. The choice between the two options depends on the specific needs, requirements, and capabilities of the business:
- Gateway tokenization
A payment gateway service provider, such as Mastercard Gateway, stores a unique token that represents the payer’s payment details. The merchant then uses this token to process future payments. As the merchant never has access to the cardholder's sensitive data, the risk of data breaches is reduced. This process also simplifies the payment process for merchants, as they do not have to store or handle sensitive card data themselves.
- Network tokenization
A network tokenization service provider, such as Mastercard Digital Enablement Service (MDES), creates and manages tokens on behalf of the cardholder, in exchange for the payer's Primary Account Number (PAN). The cardholder's sensitive data is replaced with the unique token, which is then used for each transaction. This ensures that the original card data is never exposed. Network tokenization is often used for mobile payments and digital wallet transactions, providing a seamless and secure payment experience. It is available in addition to gateway tokenization so that the PAN is never used throughout the transaction lifecycle. This addition makes the process more secure and improves approval rates.