WTF are tokens?

Over the past few years, tokenization has helped ensure the security and streamlining of payments. Although tokens are the backbone of mobile payments, most people don’t exactly know what they are and how they work.

Here is an explanation of tokens, written for people without a PhD in technology.

What are tokens and how do they work?

A token is a random set of numbers, specific to a user, that replaces a customer’s Personal Account Number, or a customer’s payment information, during the payment processes.

Since tokens are another form of encryption, spelling out what makes tokens unique will involves terms like ciphers, random number generators, and algorithms.

Here’s the Cliff’s Notes version:

When users input their payment information into an app, ecommerce site, or mobile wallet, a tokenization service turns this financial information into a digital token. Think of the token as a secret message, while the creator of the token holds the decoder ring. So, just like you need a ring to remind you to drink your Ovaltine, only companies on the token network can read your token, like your bank or the merchant you’re trying to buy stuff from.

Once a customer’s information is encrypted into a token, it can now travel all over a network, allowing users to seamlessly pay at multiple stores using the same token. As long as multiple merchants are on the same token network, your token can be used at any retailer.

While the token itself stays the same, users can change their payment methods that go along with the token, allowing users to add or change financial information without missing a beat.

Where do we use tokens?

Although ecommerce sites can utilize tokens, the biggest area tokens are used is within mobile payments. Most mobile payment wallets, like Apple Pay, utilize tokenization in order to allow users to pay quickly and securely.

Why use a token system?

They’re more secure (which is a good thing) and cheaper (another good thing).

Merchants don’t need to worry about PCI compliance with tokenization, since financial information is kept separate from the token, saving business owners money they would be spending on security systems and servers to hold financial information. If hackers or fraudsters try to steal tokens, they’re left with only half an equation and no ability to unlock the financial information (unless, of course, they hack into the token creator…then we’re all screwed).

Tokens also enable one-click payments for transactions, giving consumers a streamlined experience while checking out.

So who creates tokens?

A bunch of companies provide token services, but some of the biggest providers are credit card companies. Visa and MasterCard both have APIs that allow businesses to utilize their token services.

Why are tokens important?

Token APIs, like the Visa Token Service, are helping businesses move into mobile payments without having to develop their own in-house security systems. If you had to do everything in house and use encryption, which, by the way, is less secure, many companies would be unable to enter into the digital payments world.

Tokenization is also essential to mobile payments, as most mobile wallets utilize tokens for security and one-click payments. Without tokenization, users would have to input or verify financial information at every transaction, taking the ease and convenience out of mobile payments.

Photo credit: Token Company via Visualhunt / CC BY