Introducing Network Tokenization

Created by Yogesh Ambure, Modified on Tue, 09 Apr 2024 at 02:01 PM by Yogesh Ambure


 

Exact Payments is excited to announce our network tokenization offering! Network tokenization has been proven to reduce fraud by 28%, making it essential for online businesses that prioritize protecting customer data and their reputation. Additionally, the PCI Security Standards Council states that network tokenization reduces PCI scope. Data from Visa finds that using network tokens leads to a 3-4% increase in authorization approval rates for online transactions, effectively increasing sales and enabling businesses to outperform their competitors. 


What is Network Tokenization? 

Network tokenization will allow the clients of software partners (merchants) to securely transmit and store payment tokens for repeat, subscription-based purchases while reducing the risk of fraud and increasing authorization approval rates—ultimately resulting in increased sales. 


Network tokenization allows the creation of a network token representing a customer's card details. This process secures customer payment information by replacing the actual account details with an algorithmically-generated token value. This significantly reduces the risk of data compromise and effectively renders any stolen token useless, as a network token cannot be used outside of its intended payment ecosystem.


Network tokens are created by the bank's system (via the Visa or Mastercard network) rather than an external party like a payment processor or payment gateway. The bank establishes the correlation between the token and the cardholder account and can trace the activity across the token lifecycle.

How Can Network Tokenization Be Added to My Account? 

New software partners may decide if they will support network tokenization for their merchant base at the time of a payments integration. Existing software partners may submit a ticket to support to enable network tokenization. There are no special APIs or endpoints required outside of the standard payment and tokenization calls. Please email [email protected] for more details on pricing and setup. 


How Does Network Tokenization Work? 

Network tokenization enables a payment token to be used in a payment transaction from the point of purchase to an acquirer and then passed across the payment networks through to payment authorization (converting to the PAN) by the card issuer. This offers the benefits of payment tokenization throughout the payment process.



What Are the Differences Between Network Tokenization and Exact’s Platform Tokenization? 

In other forms of tokenization, such as Exact’s platform tokenization, tokens can be created and decoded at different points within the payment process. Exact’s platform tokenization operates from the merchant environment through to our platform where we then convert it to the PAN to send on to the acquirer. 


Both types of tokens are stored within Exact's platform and can be utilized by partners and merchants for recurring or card-on-file transactions.


Exact Payments’ platform tokens allow the creation of a token not only as a representation of a credit card, but also of almost any payment method, including ACH. The Exact token also stores other data such as billing address, and the token type is non-format preserving. 


Network tokens only allow credit and debit cards to be tokenized. There are a number of additional key benefits associated with network tokens, including:


  • Reduced fraud 

  • Automatic account updates for expired and reissued cards on file

  • Improved authorization approval rates

  • Reduced interchange cost on certain transaction categories

  • Reduced PCI scope


When paired with the ExactJS product, partners and merchants can eliminate all card data from their internal systems, which, in turn, removes that entity from the security requirements defined by PCI Data Security Standards (DSS) scope.


Merchant Onboarding

Merchants must select network tokenization when signing the merchant services agreement. After a merchant account is approved, the Exact support team will enable network tokenization during activation. Once the feature is enabled for a merchant’s account, all tokens created by the merchant will be network tokens unless a platform token is specifically requested in the token type field in the payment request payload for that particular card. 


Creating a Network Token

Utilizing Exact's existing tokenization (create payment method) endpoint, merchants will be able to request a network token for a cardholder simply by specifying the token type as “network” in the request—as long as they have network tokenization enabled on their account.  


Creating a network token is as simple as sending a request to our create payment method endpoint and including the email attribute and other standard required fields. For these tokens, the cardholder's email address is mandatory.


In the background, Exact checks to ensure the card is active and valid while the network reviews the request. Upon receipt of a successful tokenization response, the merchant will receive back the token, cardholder billing details, expiry, token type, and AVS check results for use in future payment requests.  The response also contains the token’s state, which will be ACTIVE immediately upon creation.


What Happens If a Card Cannot Be Tokenized? 

Some cards cannot be tokenized as network tokens for various reasons, typically because the issuer has not enrolled the BINs for tokenization. The request will fail with an error similar to “card is not eligible for tokenization.” If the network token request fails, Exact will create a platform token and store it in the vault with the type identified as “platform.”


If a customer is tokenizing from the browser via ExactJS, the customer email address must be supplied, meaning the merchant must collect the email address from the cardholder during the checkout process and send it along with the request.   


Paying with a Network Token

To make a payment with a network token, the payment method must be indicated as a token and the type set as “network.”  Paying with a token is similar for both platform and network tokens. Exact applies all additional data returned to complete the payment.


Acceptable Cards For Tokenization Include: 

  • Visa, Mastercard, AMEX cards that are active and valid 

  • Discover, Diners, and JCB can only support platform tokens

  • Unique customers and cards in CAN and US

  • Shared cards are allowed. A shared card can be used at multiple locations under one master merchant but not among different (unique) merchants. In this case, the partner will create a network token for the payment method, and Exact will return the same network token for each merchant request, which would then be shared amongst all merchants   

  • Exact Platform tokens


Cards Ineligible For Tokenization:

  • Expired cards

  • Prepaid cards

  • Health Savings Account (HSA) cards


Expired Tokens

Tokens, like PANs, have an expiration date. Expired tokens may be deactivated, although they may 

remain on the token requestor’s device. Tokens that expire are not typically used again and remain 

unusable for transactions in a deactivated state. 


The token lifecycle and its expiration do not have to mirror the lifecycle and expiration of the PAN that 

token represents. A token can be suspended while the PAN is active. A PAN can expire but still be 

tokenized with an expiration date in the future. 


Card Update Notifications To Merchants From Issuers 

Merchants can elect to receive notifications from Exact that the issuer has updated a payment method using the “payment-method.update” webhook. After receiving a notification, merchants must look up the payment method utilizing the API.


Merchants can retrieve payment methods in a few different ways through the API. They can query a list of all customers/tokens under a merchant account, query all tokens under an individual cardholder, or look up individual tokens.  


As a standard, Exact will return the token, card details, billing details, AVS check results, and token type to the merchant when they pull the details of the payment method. If a payment method update was due to a status change reporting an inactive network token, an additional special section will be included in the payment method response indicating such. Otherwise, this section will not normally be included in the response. 





For more information about the benefits of network tokenization, please visit the Exact Payments blog. For detailed integration instructions for developers, please refer to our API documentation. 




Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article