Card tokenization in the payments industry has been around for almost 20 years. While most of us may have been exposed to using the technology without being aware of it, it has now started to become mainstream due to merchant data breaches and the need for increased security. That same security burden is where card schemes, such as Mastercard and Visa, have pieced together the concept of network tokenization, where card networks are looking to take over the responsibility of securing card numbers, as opposed to outsourcing to traditional acquirers.

Tokenization – The First Steps

When not considering the multiple complexities of card networks, acquirers, payment or token service providers, tokenization itself is a rather simple concept. The general purpose for the creation of tokenization was online security, whereby first-time-entered credit card numbers were moved from a receiving merchant platform to a secure “vault”. After storage of the actual card number in a vault, a representation of that card number (e.g. a token) would be sent back to the merchant platform and associated with a user account. This entire process was defined and set up to prevent the theft of credit card numbers.

Thereafter, anytime an existing user wanted to initiate a purchase, the merchant platform would query their vault with the stored token to reference the actual user credit card number. Upon ...