Network Tokenization Basics


Katie McCarthy


May 3, 2022

May 3, 2022

May 3, 2022

If you’re in payments, you may have heard the terms network tokenization or network tokens thrown around. If you don’t quite know what these terms mean and are too afraid to ask at work, this blog is for you. 

So, once and for all, what’s the deal with network tokenization? 

What is Network Tokenization?

Network tokenization is the process through which card brands (e.g. Visa, Mastercard, Amex, Discover, etc.) substitute a cardholder’s primary account number (PAN) and other card details with a secure network token. A network token is a secure, unique ID with restricted use (i.e. only by a specific merchant) that can replace a PAN for transactions or storage of card details on file. Because network tokens are restricted to a single merchant, one PAN can have multiple network tokens—each issued and used by different merchants. Network tokens differ from other types of secure tokens in a couple of ways. Most significantly, network tokens adhere to EMV specifications. EMVCo is an industry accepted security standard and technology that allows network tokens to be identifiable across the entire transaction lifecycle. This means when a merchant initiates a transaction using a network token, that token can replace the customer’s PAN at every step—the merchant, acquiring bank, network, and issuing bank can all complete the transaction with just the network token! For all other tokens, this is not true. A proprietary token (i.e. a token created by a company or payment service provider) or a PCI token (another secure token type) can only replace the PAN for part of the transaction—usually for the merchant and the acquirer. While non-network tokens increase security of cardholder information, they aren’t as secure or absolute as network tokens.

Companies often employ network tokenization when storing card credentials on file. After they acquire customer permission to store card details, they may then tokenize those credentials to reap the benefits outlined in the next section below. Often, the companies that reap the most benefit from a network tokenization strategy are those with a large subscription customer base, who store many cards on file for recurring transactions.

What Are the Advantages of Network Tokens?

When compared to storing and transacting with a PAN, network tokens have a few distinct advantages:

  • Increased security and decreased fraud – When merchants, payment service providers (PSPs), and third parties start to store card credentials, they become a target for theft and fraud. By using network tokens, the industry is reducing the number of real cards stored in the ecosystem, which reduces the risk of losing sensitive information through theft. Because network tokens represent all card details (not just the PAN), the additional context provided with the network also reduces the risk of fraudulent behavior. 

  • Fewer declines – By definition, network tokenization decouples the underlying card from its PAN, allowing the network token to remain intact even when card information changes. This means customers can make purchases with a tokenized payment method even if their underlying card is in the process of being replaced or its details were updated. Not only that, but because network tokens represent all card details, the issuer receives more information than a PAN-only transaction. More context for issuers means more confidence in approving transactions. Both benefits translate into fewer declines for merchants who use network tokens. Learn more about this benefit in our Network Tokenization and Toucan blog post.

  • Better checkout experience and lower customer churn – Active network tokens are kept up-to-date so long as the cardholder’s bank account is active. As such, customers can make transactions without updating card details, leading to a faster checkout. Up-to-date card information also reduces customer churn, because the customer does not experience the friction of having to update or enter payment information.

  • Reduced cost – In some markets, using a network token instead of a PAN can decrease the cost of the transaction.

In the age of ecommerce, network tokenization is an essential part of improving both payment performance and customer experience.

Okay…But How Do You Actually Request Network Tokens? Toucan by Pagos Can Help!

Every merchant that uses network tokens must have a Token Requestor ID (TRID).  TRIDs are 11-digit merchant-specific identifiers issued independently for each network. Let’s walk through an example for how this typically works. 

Let’s say that you have card credentials on file associated with three networks – Visa, Mastercard, and Amex. If you want to use network tokens instead of PANs for the Visa cards, you would request a TRID that only works for Visa. You would then join the Visa tokenization program either on your own or with the help of your PSP. If you wanted to use network tokens instead of PANs for the Mastercard cards, you would need a TRID specific to Mastercard and would need to enroll in the Mastercard tokenization program. Likewise for Amex. Even with the help of a PSP, you may end up with multiple network tokenization programs to manage all of your cards on file.

Toucan by Pagos can help. While Toucan can’t remove the necessity for multiple TRIDs, it can simplify the process of network tokenization. Toucan is a network agnostic tokenization service; this means that you only need to send your card on file credentials once, regardless of what networks they are associated with. If you request a network token, Toucan knows from which network to request the network token for you. Today, you can use Toucan to tokenize any Visa or Mastercard PAN you have on file, with Amex and other networks coming soon.

For companies that use Toucan, the network agnostic API creates greater control over their network tokens. Think about a company with multiple PSPs and partners, with many cards on file. The number of network tokenization programs this company has to manage starts to grow rapidly, and every PSP they use would have to have an independent relationship with each network. With Toucan, there is only one network tokenization platform to manage. Central decision making leads to greater company control and better payments performance.

Share on X