Brian Cole and Ansar Ansari

May 2021

 


Convenience and control: Why 2021 is set to be the year of the token

Brian Cole, Senior Vice President, Head of Product, North America and Ansar Ansari, Senior Vice President, Global Head of Platform Products, examine the value of Visa’s tokens and the important role tokenization plays as more customers and commerce move online.

As ecommerce has accelerated, it has highlighted issues that still beset some online payments. Compared to face-to-face transactions, the rate of declined transactions is higher, as are the fraud-to-sales ratios, while the user experience is not always as smooth as we would like and can sometimes get in the way of the sale.

Why is it that the experience of paying online is not always as seamless as it should be? A main factor is the risk associated with sensitive account data.

We continue to operate in a payments ecosystem that often relies on the use of a few basic account details (the primary account number, or PAN, the expiration date, and the three-digit security code, or CVV2). If these details become compromised, or we cannot be sure that they are being used legitimately, things can go wrong. Hence, the data is under intense scrutiny from fraudsters, who are forever probing for ways to exploit it at an industrial scale. For any transaction that looks even remotely suspect, issuers and merchants alike are continually forced to make the toughest of judgement calls – do they apply the precautionary principle and decline it, or do they apply the benefit of the doubt and wave it through, knowing that the majority of declined authorizations are, in fact, genuine transactions declined as a result of this precautionary principle?

Enter tokenization, a technology that replaces a consumer’s sensitive PAN information with a unique identifier (a token) that helps protect transactions when used for in-store mobile payments or online shopping.

The journey to adopting tokens is well under way. The advent of network tokens, also known as digital network tokens, was a prerequisite for the arrival of ‘the pays’. For the future, it enables us to envisage a world in which any device with a digital heartbeat could be used to initiate or accept payments across any channel.

Right now, however, the challenge – and the opportunity – is for tokenization to become more deeply and widely embedded in the world of everyday ecommerce. In the wake of the COVID-19 pandemic, the shift to digital payments has unveiled the need for tokenization and the value it can bring.

At Visa, we have every reason to believe that 2021 will be the pivotal year – when tokenization is accelerated to grow rapidly towards ubiquity and becomes the way ecommerce payments happen.

Read on to find out a little more about tokenization – and learn the five reasons we believe 2021 is destined to be the year of the token.

A very quick primer – what is tokenization?

With tokenization, something of high-value is replaced by something of low-value (in a waterpark for example, cash is often replaced with a wristband, which has little intrinsic value and can only ever be used in the waterpark).

In our world, the PAN is replaced with a token – a PAN-like number, which looks like a PAN, and can be processed much like a PAN.

But it is NOT the PAN, nor can it be mathematically reversed to reveal the PAN.

Rules can be applied around where and how each token can be used. It is protected by secure, dynamically generated cryptograms. And it can be remotely refreshed or disabled at any time. So, it’s of little use to any fraudster.

What are digital network tokens – and why does it matter?

With digital network tokens, tokenization technology can be taken to a whole new level. It is about much more than just swapping PANs for a substitute number. It’s about improving the user experience across the vast majority of ecommerce payments.

Through the payment network, an ecommerce merchant can ask for a unique token to be created for each of its customer credentials.

In the case of Visa, the technique is enabled by Visa Token Service (the platform that generates each token), which is already supported by most/nearly all North American card issuers and a large and growing proportion of acquirers and merchant service providers.

Win-win-win – tokenization can benefit all players in the payment ecosystem

With digital network tokens, it becomes possible to bring both improved security and a better user experience to the vast majority of ecommerce transactions.

Good for consumers

It makes for a better payment experience for the most popular type of online transactions, namely card-on-file payments. Once a token has been created, the consumer can see a visual representation of their own card on the merchant’s payment pages, they are less likely to experience declined transactions and, when their card expires or needs to be reissued, they don’t have to go through that tedious process of updating their details.

2B+ Visa tokens issued

Good for merchants

Around 95 percent of North American Visa card payment volumes are already enabled to support tokenization, and a large proportion of acquirers and merchant service providers support the service. After tokenization is implemented, merchants can benefit from an increase in authorization rates. And, because they no longer need to store sensitive account data, their security liabilities are reduced.

2.1 percent average improvement in authorization rates [1]

Good for issuers

With a lower risk of fraud, fewer cards need to be replaced and there are fewer negative experiences for cardholders. Also, when a card is renewed or replaced, there’s less danger of it losing the coveted top-of-wallet status (because there is no need for cardholders to update their details with a merchant – or to consider reverting to an alternative card). It also minimizes the risk of data breach.

26 percent average reduction in fraud rates [2]

 

Reason #1

Tokenization matters more than ever before

Even before the pandemic, ecommerce payment volumes had been growing fast. And despite a difficult 2020, it is estimated that worldwide retail ecommerce sales grew 27.6% for the year [3]. This sudden increase in new behaviors that developed out of necessity during the crisis has served as a powerful catalyst for the payments ecosystem.

These shifts have drawn attention to the shortcomings of ecommerce. Despite the advances made in recent years, it has to be acknowledged that, compared to face-to-face, online payments are not always as efficient as we would all like. This is largely because, from the issuer’s perspective, ecommerce transactions are riskier, as reflected in higher rates of fraud, so are more likely to be declined.

As of mid-2020, for example, the authorization gap between card present and card-not-present stood at more than 400 basis points and the volume of card-not-present fraud was forecast to continue its climb – set to grow by 14 percent by 2023 [4].

And as the world adopted digital conveniences out of necessity in 2020, a percentage of the workforce was forced to be remote, and a 20 percent increase in security breaches was reported [5]. Fraudsters didn’t discriminate between technology giants, hospitality and entertainment chains or health care companies.

The acceleration of ecommerce growth has amplified these challenges tremendously, but along with them, the value of tokenization. Today, tokens are more important than ever in the ecommerce landscape. They provide enhanced security for the credential itself, greater issuer confidence in the transaction and hence, higher authorization rates, as well as better consumer experiences through capabilities like lifecycle management and device-binding.

Reason #2

Financial institutions have recognized the value tokens bring in reducing friction

With the growing importance of top-of-wallet status, financial institutions have turned their attention and efforts to achieve and maintain that status. A single poor customer experience can have significant repercussions, such as loss of top-of-wallet or worse, loss of spend overall if the customer stops using the card.

For financial institutions, that seemingly higher-risk world of ecommerce can be costly. Every bit of fraud reduction can translate into tremendous savings, with fewer card reissuances and less impact of a negative customer experience.

With tokens, financial institutions can have more confidence in the authenticity of the transaction, which leads to higher authorization rates. This is due to a number of factors: richer data carried with the token (e.g. device info) enables better decisioning from the bank, and often for card-on-file, they know that a merchant has requested a token for a valued customer so issuers can be more likely to authorize. Add lifecycle management and you can have even fewer declines for expired/reissued credentials.

There is also potential to bring greater effectiveness to loyalty and co-brand programs, for example, by using tokenization to give financial institutions access to data, which would enable a 360-degree view of customer purchases.

In fact, over 95 percent of North American payment volume is enabled by the issuers to support digital network tokens. To drive continued digital token momentum, there is a heightened focus on push provisioning, which “pushes” credentials issued as tokens straight into the merchant or wallet environment, helping to preserve top-of-wallet status and of course, emphasis on overall token optimization in the ecosystem.

Reason #3

Tokens unlock the ultimate success metric for merchants

In the ecommerce community, conversion rates tend to be the ultimate success metric – with online merchants often happy to invest in initiatives that might increase conversions by just a few basis points.

Network tokenization has been shown to increase authorization rates; in North America, for example, they have increased by an average of 2.1 percent [6], with some pilot merchants seeing an uplift of tens of millions of dollars.

The exact magnitude of the increase will, of course, depend on many variables. All merchants can benefit from digital network tokens, especially if they have experienced sub-optimal authorization rates, with a high rate of declines due to expired or invalid account data.

Across the payments industry, the benefits extend well beyond higher authorization rates. For example, network tokenization has been shown to reduce average fraud rates by around 26 percent [7]. Replacing PANs with tokens means less risk from a data compromise event – even if one happens, the stolen token credentials are virtually worthless for use anywhere else.

Tokens also bring a commensurate improvement to the customer experience, not just from the improved authorization rates and fewer false declines. Network token lifecycle management can significantly drive down the events of stale credentials, saving consumer frustration at the time of transaction.

And it’s easier than ever for merchants to tokenize their transactions. More than 150 payment gateways and merchant service providers utilize network tokens, including many of the larger payment gateways and merchant service providers, and many more are in the process of introducing the capability. This makes it relatively simple for merchants to benefit from tokens.

Reason #4

Quick and easy online checkouts are a reality with digital network tokens

Speaking of improvement of the customer experience, card-on-file, whereby a cardholder authorizes a merchant to store their account details for future payments, has emerged as a prominent way of paying online. It is far quicker and easier than entering our card details afresh each time, and we can all think of examples of how it makes life quicker and easier – when you pay for your ride by stepping out of the car, for example, or pay and tip the pizza delivery person in a mobile app before they even arrive, or your monthly subscription for the streaming TV or music service is automatically debited.

It is perhaps no surprise, therefore, that more than half of all North American ecommerce transactions are now card-on-file or recurring billers versus manual key entry [8].

However, card-on-file payments do present their own particular challenges, especially when a card expires or needs to be reissued. For example, some 35 percent of survey respondents say they have forgotten to update their card information with at least one merchant [9] and, on average, a merchant will reach out to a customer two-to-three times to ask them to update their card details before cancelling services [10] – which, as well as being an irritant to consumers, adds a considerable layer of operating costs for merchants.

Meanwhile, storing all of that sensitive data places a heavy security burden on merchants. They are required to meet stringent standards and, if they do suffer a data compromise, the average costs for 2020 have been calculated at $3.68 million [11].

Digital network tokens remove some of these traditional card-on-file barriers. Once a customer’s credentials are authenticated via a verification process, a token can be generated on their behalf. This is then stored, in place of the PAN, and processed just like a conventional transaction, across the entire industry infrastructure – except that, unlike the card details, the token does not go stale.

Token capabilities like device-binding and life cycle management provide a foundation in enabling truly seamless and frictionless transactions for the customer. With the ability to recognize a user more confidently through rich known-device information, or stale credentials being a thing of the past, the potential is created to truly make payments both secure and invisible – the ultimate North Star of payments’ consumer experience.

Reason #5

Tokenization momentum is industry-wide, growing and global – with more than two billion Visa tokens issued so far

Tokenization is nothing new. It was a prerequisite for the introduction of ‘the pays’. And the use of these device-specific tokens brings additional benefits such as the potential for lower fraud-to-sales ratio among tokenized transactions.

What is more recent is the mass deployment of digital network tokens through additional third party wallets and payment service providers. With this approach, it becomes possible to extend and accelerate the benefits of tokens to merchants across all of digital commerce – both card-on-file and guest checkout.

Importantly, tokenization has global, cross-industry backing. The specifications are managed by an independent organization, EMVCo, and the technology has been deployed in more than 193+ countries worldwide. Within the Visa ecosystem alone, some 8,600+ issuers have been enabled for tokenization, more than 615,000+ [13] merchants are transacting with Visa tokens, and more than two billion Visa tokens have so far been issued.

In the future we can see a scenario where every card-not-present Visa transaction is tokenized, which has the potential to completely eliminate the use – and the risk – of sensitive data. But, for now, the emphasis is to encourage and enable its mass-deployment in the ecommerce channel.

Even before the COVID-19 pandemic, the direction of digital network tokens was clear, with many more payments shifting online. The process has now been accelerated and, in step, we need to accelerate the adoption of tools to keep the ecommerce experience secure and easy-to-use for the consumer, and also for financial institutions and merchants.

Tokens play an important role in securing the ecommerce experience, creating a seamless customer experience and driving value for merchants and financial institutions. With all the necessary pieces in place, we expect them to become widely adopted in 2021 – and approach token ubiquity soon after.

Strong support from industry players

The introduction of network tokenization has been a collaborative, cross-industry endeavour involving a wide range of merchants, merchant service providers and payment businesses. Here’s what three of them have said about it:

“Tokenization is the linchpin to enabling exceptional digital experiences that address rising consumer expectations for unified commerce. That is a consumer expectation to be recognized consistently in every channel in which they interact. An integrated tokenization strategy is key to unifying channels and delivering a compelling consumer experience.” Andre Machicao, Senior Vice President, Head of Product, Cybersource

“Beyond the conversion rates for card-on-file use cases, initial results from the PayPal wallet indicate that issuer decline rates have reduced by approximately 100 basis points, which leads to better conversion for merchants.” Jim Magats, Senior Vice President, Omni-Payments, PayPal

“Network tokens are one of the key building blocks for the future of ecommerce. We are glad to be at the forefront of helping scale and mature network tokens so that more merchants can benefit and realize this future sooner. We are already seeing immediate benefits as network tokens are vastly improving authorization rates globally.” Kamran Zaki, Chief Operating Officer, Adyen

The difference between a digital network token and an acquirer or gateway token

Most ecommerce merchants already use a form of tokenization, often delivered by their payment service provider. These acquirer or gateway tokens replace the PAN with tokens, protecting the PAN from compromise at the merchant. However, issuers do not have visibility into token activity on the merchant side. Issuers want to have the increased confidence that comes from digital network tokens being applied by the merchant to protect their cardholder data. Digital network tokens can be used either in partnership with these token solutions, to enhance their value, or as a stand-alone solution.

Digital network tokens extend the protection of the PAN through the network, giving visibility to issuers. The more visibility and control that the issuers have on the credential, the more confidence they are likely to have in approving a transaction.

1 VisaNet, Visa global card not present transactions for token vs non-tokenized credentials, May-July 2020

2 VisaNet, U.S. fraud rate reduction for CNP & CP token participating merchants with digital wallet token requestors, April–June 2018

3 Ethan Cramer-Flood, “Global Ecommerce Update 2021”, emarketer.com, Jan 13, 2021, https://www.emarketer.com/content/global-ecommerce-update-2021

4 eCommerce Fraud Trends 2019, Merchant Fraud Journal, https://www.merchantfraudjournal.com/ecommerce-fraud-trends-2019

5 U.S. Cybersecurity and data privacy council outlook and review, Gibson Dunn, January 28, 2021, https://www.gibsondunn.com/us-cybersecurity-and-data-privacy-outlook-and-review-2021/

6 VisaNet, Visa global card not present transactions for token vs non-tokenized credentials, May-July 2020

7 VisaNet, U.S. fraud rate reduction for CNP & CP token participating merchants with digital wallet token requestors, April–June 2018

8 VisaNet, US Visa CNP Merchants, Jan-Dec 2018

9 U.S. statistics, Credential-on, Research conducted by Engine Group, Inc., June 2018

10 U.S. statistics, cited in Credential-on-file Pain Point Research conducted by Engine Group, Inc., June 2018

11 Cost of Data Breach Report, IBM Security, 2020, https://www.ibm.com/security/data-breach

12 Source: Global VisaNet and NSPK Data (Russia); Global Merchants, Jan 2020-Dec 2020
