What is network tokenization?
We are seeing an unprecedented shift in consumer spending habits. One in five global transactions are now ‘digital’, with online commerce growing at over six times the rate of in-store sales. But this rapid growth is introducing new challenges. Fraud is rising, yet merchants are under pressure to deliver the seamless payment experiences that consumers increasingly demand. Network tokenization is one of many technologies that online merchants are turning to in a bid to strike the right balance between high security and a frictionless buying experience.
Yet, we should not think of network tokenization as an optional add-on. Rather, it is a foundational technology enabling secure, simple digital commerce.
What is network tokenization?
With network tokenization, the payment networks replace a primary account number (PAN) with a unique EMV®* payment token that is restricted in its usage, for example, to a specific device, merchant, transaction type or channel.
The question is, how is network tokenization different to existing third-party proprietary tokens?
The main (and crucial) difference is that network tokenization ensures that card details are protected throughout the entire transaction lifecycle. Non-network tokens don’t offer this end-to-end security, introducing weaknesses at various points for fraudsters to exploit.
Network tokenization also introduces improved credential lifecycle management to keep card details current, whereas proprietary tokens do not always have issuer permission to access and manage the underlying account data. Finally, network tokenization opens opportunities for new, enhanced buying experiences across existing and emerging channels.
What are the benefits of network tokenization for online commerce?
To fully appreciate the unique value that network tokens bring to the payments ecosystem, we need to understand how they can address the key pain points for e-commerce merchants.
Reducing the cost of fraud
We can’t get away from it. Online commerce has a fraud problem. E-commerce fraud is growing twice as fast as e-commerce sales, with retailers set to lose $130 billion between 2018 and 2023. We should not be surprised that one in two US merchants see fraud prevention as ‘an increasingly challenging task’. They are already spending $3.48 to combat every dollar of fraud (and this is set to rise with the global cost of fraud prevention increasing by 4% year-on-year).
And yet, the fraud rates keep on climbing. In a hyper-competitive industry where every cent counts, blindly throwing money at a problem is not a sustainable strategy.
The end-to-end security proposition of network tokenization significantly reduces the risk, and mitigates the impact, of malware, phishing attacks and data breaches. Put simply, tokenized card data is useless if stolen and for this reason, network tokenization should be the foundation on which a layered fraud management approach is built.
Combatting false declines
Given the scale of the fraud challenge, merchants and issuers are understandably adopting a cautious approach. Transaction approval rates for digital transactions stand at around 85%, compared to 97% for in-store transactions.
This leads to a high prevalence of ‘false declines’, where a valid transaction from an authorized cardholder is rejected by the merchant. Often the cause is something simple, such as an outdated billing address, but the results can be incredibly damaging.
Globally, false declines cost merchants $331 billion. 66% of consumers stop shopping with a retailer after a false decline. Unnecessary declines outstrip actual fraud 13 times over. Most tellingly, US e-commerce merchants are losing a total of $8.6 billion to declines, compared to the $6.5 billion of fraud they are actually preventing.
Network tokens can increase approval rates to reduce instances of false declines. This is because card details are automatically updated and refreshed, making it less likely for an erroneous data point to raise a red flag. Also, tokenized transactions are inherently more secure so less likely to be viewed as risky.
Enhancing the checkout experience
Despite the huge challenges posed by rising fraud, it is telling that 91% of merchants identify ‘minimizing the amount of friction introduced into the user experience’ as the main priority when evaluating their approach to securing payments.
Introducing additional friction into the checkout process, then, is a no-go. But as network tokenization reduces the value of the underlying sensitive data, it adds an invisible layer of security.
We must also remember that merchants want to focus on payment innovation, not fraud prevention. Network tokenization is more than just a security play, and can be used to enhance the buying experience.
For example, it enables consumers to see a fully branded card when checking out, rather than a mish-mash of starred credentials and the final four digits. This boosts recognition, familiarity and engagement. It also enables payment details to be instantly refreshed when a card is lost, stolen or expires. Better still, it can enable consumers to keep track of where and when their payment credentials are being used. For example, card details could easily be push provisioned to merchant apps.
What is the industry roadmap for network tokenization?
Given the clear benefits, we are already seeing strong momentum for network tokenization for card-on-file transactions. And with EMV® Secure Remote Commerce poised to debut in 2019, we can expect to see network tokenization extend to ‘guest checkout’ experiences.
There are options available for merchants and payment service providers (PSPs) looking to implement network tokenization solutions. For those with significant strategic resource, time and technical capacity, direct integration with the payment systems is an option.
Alternatively, for those looking to move quickly, qualified technology partners offer a fast-track to the immediate benefits of network tokenization (without the potential integration headaches).
* EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.