Imagine you’re sitting at a table in a casino. You’ve purchased poker chips with some cash and you’re ready to play. What does this have to do with tokenisation?

It’s quite simple really. The chips you’ve used to play are your “tokens” representing cash. Once your game is over, you can redeem your chips for cash.

Cash can easily get lost, stolen or misplaced and this is one of the reasons chips were invented. Similarly, when you make payments online, you can protect your account and personal information through tokens.

But what is a token and how can you use them to make online payments? Stay with us and find out!

What is a token?

A token can be defined as a piece of information, which replaces another more important piece of information.

On their own, tokens don’t really have much value. They’re just random data.

However, when used correctly, they can help improve the security of your personal and card data when doing online, in-store or in-app purchases.

How are tokens used?

Many businesses these days hold, store and keep sensitive data in their systems. This requires extra layers of security and protection to ensure there are no data breaches.

Some examples of this sensitive data include credit card data, medical information, names and addresses and more. When this valuable data is removed from the business environment and is replaced with tokens, which are unique to each piece of information each token represents, then security is improved making it much more difficult for hackers to steal personal data. 

Tokenisation in payment processing

One payment network that’s offering tokenisation is the Visa Token Service. Essentially, it enables digital payment service providers and financial institutions to “offer their customers a safe way to shop online and with mobile devices.”

  • Step 1 – a consumer provides their account details to a digital payment service such as an online retailer or a mobile wallet.
  • Step 2 – the merchant or mobile wallet sends a request for a token for the enrolled customer’s account to Visa.
  • Step 3 – Visa will share the new token with the account issuer.
  • Step 4 – Visa will then change the customer’s PAN number with a token. This step is taken with the account issuer’s approval.  
  • Step 5 – the new token will be shared with the digital payment service (for both online and mobile use).

What is detokenisation?

So, just like tokenisation issues a token for a transaction to take place, detokenisation is the reverse process. The token that was issued is exchanged for the original data value.

A good aspect about detokenisation is that it can only be done by the original tokenisation system. If there is a breach in the “tokenised environment”, the data that’s exposed to cybercriminals will be worthless to them, which is an important way of reducing the risk of data theft. 

What’s the difference between tokenisation and encryption?

If tokenisation is about substituting real, valuable data into tokens to protect personal information, then what is encryption?

Although they might seem similar at first, there are some significant differences between tokenisation and encryption.

For starters, encryption uses a mathematical algorithm to “transform plain text information into a non-readable form.”

This new form is called a cipher text. Both an algorithm and an encryption key are needed to “decrypt” the information and to return it to its original format. 

So, without further ado, here are some of the main differences between tokenisation and encryption:

TokenisationEncryption
Random generation of a tokenMathematical algorithm which transforms plain text into cipher text
Stores mapping in a databaseUses an an encryption algorithm and key

The larger the data set, the more difficult it is to scale securely
Scales to large data volumes
It is used for structured dataIt is used for both structured and unstructured data
Difficult to exchange dataPossible to exchange data with third parties who have the encryption key
The original data will never leave the organisationThe original data can leave the organisation, but in an encrypted form

Final remarks

As cybercriminals become smarter and more adept at getting your personal information, payment providers need to consider keeping up with the times and keeping their customers and their data safe.

Tokenisation and tokens are one of the latest and safest ways to shop online, in-app or in-person as evidenced by Visa’s Token Service.

Remember that getting a token is not the same thing as encrypting data and that they ultimately serve two different functions, although the end goal is to protect consumer’s information.

We urge you to stay safe when shopping – whether in-person, in-app or online!