Credit card tokenisation is a great solution to process payments while keeping cardholder information safe and secure.
In the world of eCommerce, you might have heard the term “tokenisation” thrown around and you’re curious as to what it is.
First off it’s important to understand that credit card tokenisation is an industry standard, used worldwide. This popular solution was developed to ensure that cardholder data is kept safe and secure. The tokenisation solution is best used when it comes to websites and web apps that make use of subscription based billing or One Click payments. Payment gateways provide the tokenisation solution to merchants and website owners.
What is card tokenization?
Generally speaking, to “tokenize” something is the process of turning a meaningful piece of information, in this case, credit card information into a random string of characters called a token.
Tokens vary slightly from the payment gateway to payment gateway but an example of a token is:
How card tokenisation takes place
An example of this would be when a customer is subscribing to an online subscription service. In order to pay they need to enter their credit card details. The eCommerce merchant would never want to store these details themselves as this is a massive security risk, so they opt to use the tokenisation solution.
When the credit card details are entered into the website, the website will send these details to the third party payment gateway over HTTPS (secure and encrypted connection). The data is sent via a secure API call which the payment gateway receives, validates and then generates the token. The token (remember a string with a whole lot of characters), is then returned to the website and is then stored in the website.
This whole process may seem quite complex, with all these technologies talking to one another but in reality, it is really fast (a couple of seconds maximum).
Now that the website has stored the token (which represents the customer’s card details), it can be used for any future payment processing. How this works is that the token (instead of the card holder’s details) is then sent to the payment gateway for processing with an amount, via secure API. The payment gateway validates that the token is correct and valid and then processes the payment.
Where should tokenisation be used?
Tokenisation should only really be used in specific scenarios, which we will delve into below. Remember the biggest benefit to storing a token representing a customer’s credit card details, is that we can use this token to process payments in the future without needing to store the card details or without having to request the customer to provide us with their card details again, which frankly will frustrate the user.
With that being said, tokenisation shouldn’t be used when a customer is making a once-off purchase on an eCommerce website and is not likely to return and transact again. There is no point to store a token as the transaction is already completed and there will be no future use for the token.
There are two great use cases though for tokenisation: Subscription Payments and One Click Payments.
Subscriptions are generally linked to some sort of membership to a website or service. Let’s use an example of a website where subscribers are subscribing to an educational website that provides them with loads of educational videos, courses and content.
The subscriber initially signs up with their personal and card details as part of their account creation. As part of this signup process, we want to process a payment for the initial membership period (in this example let’s assume its a monthly subscription) and we want to tokenise the card details for the processing of the monthly payments in the future.
Once we’ve received the token from the payment gateway, we store this in conjunction with the subscriber’s account details. When billing needs to occur in each of the following months, we simply send the token to the payment gateway for processing.
When the customer has a new credit card that needs to be used for payment we repeat the above process and then store the new token and discard the old one.
One Click Payments
One Click Payments are great and are very popular for on demand purchases, within websites, web apps and mobile apps! One Click Payments allow you to enter your card details into a website, web app or mobile app. Once entered we would tokenise the card details with the payment gateway and store the token.
Uber implements this really well where you enter your card details once and whenever you want to order a new ride, you simply pay with a single click (hence the name). This is super quick and ultra convenient for the consumer as their card details are loaded, making payment a breeze.
How secure is tokenisation?
Tokens that are generated and sent from the payment gateways are not an encryption of the card holder’s details but are a tokenised string representing the card holder’s details. This means that this token cannot be deciphered and the data revealed. Even if someone were to get their hands on the tokens that would be of no use to them. They cannot be exchanged for money as they are merely tokens.
This makes tokenisation really safe to use, which is why it’s adoption and implementation has grown exponentially worldwide.
Let’s sum this up
If you are looking to process credit card payments on your website, web app or mobile app on an ongoing basis for your customers, you should highly consider using the tokenisation solution.
Tokenisation makes everyone’s lives easier from the merchant to the customer, while ensuring security is not at risk.
For subscriptions and on demand purchases, tokenisation is a perfect fit and is highly recommended.
Here at Elemental, we’ve been helping loads of customers implement this clever payment processing solution to make payments quicker, safer and hassle-free. If you’re looking for a web development company to implement tokenisation payments for you, please give us a shout.