Demystifying tokens

As transactions become more and more reliant on technology, digital innovators have been creating new ways to keep customers’ data – and money – secure. One method is tokenisation, a tool which adds anonymity to payments and protects sensitive data such as customer bank/card details. Flooid Product Owner Brandon Magakyan explains more.

What is tokenisation?

Put simply, tokens are security protocols that protect consumers by generating an alphanumeric, unique ID number to replace identifiable information such as bank account information and credit card numbers at the point of payment. Tokens help eCommerce sites and other retailers because they minimise the amount of data they need to process, while still ensuring the validity of the payee. Consumers benefit as their more sensitive information isn’t shared, meaning fewer people see it and it’s less likely to be breached or fall into the wrong hands. Importantly, tokenisation can also be applied beyond the payments space to protect information such as medical or criminal records.

Who is using tokenisation?

They may not realise it, but most people are already using tokens in their everyday lives. Adding a credit card to a digital wallet or using a mobile device to pay for rideshares or for a consumer app are all rooted in tokenisation. Many banks offer tokenisation capabilities when they invite customers to add cards to their digital wallet, which allow customers to pay with a single tap of their mobile phone. Notable tech giants such as Apple are breaking into FinTech, with offerings like Buy Now Pay Later (BNPL). Google also offers an all-encompassing “super app”, wallet, which directly interfaces with other apps within the ecosystem, enabling functionality like paying for parking from Google Maps natively.

The technology

The unique ID number – known as a token number – is stored in a token vault (for example VISA or Mastercard). The ID number is used when performing online or digital transactions. Multiple layers between the acquiring agency, digital wallet and device ensure vastly improved consumer privacy and security —  in fact tokenisation replaces payment information with mathematically irreversible tokens, rendering compromised information useless if a hacker finds it. Tokens are typically used in online or recurring (subscription) payments that use ‘at rest’ payment information.

Tokenisation v encryption

Both tokenisation and encryption are tools used to protect data, but they have subtle differences. Tokenisation is typically used in online or digital payments, and as mentioned before tokens are irreversible, so the source information cannot be found. Encryption is more common in physical stores. It cryptographically disguises payment information, typically for payments via credit card or over the phone.

What do businesses need to do about tokenisation?

As more and more consumers move to digital payments, retailers need to ensure they can accept and synergise token and other relevant security protocols. This means they are ready to sell to customers securely, but can also benefit them by partnering with modern payment service providers. Since tokenisation is handled by the payment service provider (PSP), it removes the necessity from the retailer to manage compliance for PCI DSS regulations.

How does Flooid help?

Flooid’s forward-thinking integrations with modern payment service providers alleviates and lessens the burden of establishing a tokenisation process from scratch, and strengthens the retailer’s position within the market through key advancements in payment technology. Tokenisation opens the door for retailers to accept various new payment methods in addition to alternate ones such as Klarna, AfterPay, AliPay and WeChat. With Flooid, retailers have a proactive best-of-breed partner, ready to help them to evolve their point-of-sale and payments strategies so they can thrive long-term.