Tokenization may sound complicated, but it’s actually very simple

What is it?

Think about when you go to the carnival and purchase tokens to play games. The tokens can be used to play Duck Pond and Whac-A-Mole, but once you leave the carnival, you can’t use the carnival tokens to purchase a meal from McDonald's. In a similar vein, the process of tokenization converts your credit card information into an unrecognizable formula that is unusable outside of a certain context.

How it works?

In a credit card transaction, the process of tokenization replaces your 16-digit card number with a randomly generated, unique placeholder of seemingly nonsensical letters and numbers. The token, rather than your actual credit card number, would be used to complete the purchases you are making. If you are carrying leftover carnival tokens at the mall, and one gets stolen, the token cannot be used at the mall as it has no meaning outside the context of the carnival.

Why it's secure!

The process of tokenization serves to increase security immensely. In a typical credit card transaction, there are lots of opportunities for your account number to be exposed. One dishonest worker at the point of sale could see your credit card number, memorize it, and use it to go on a shopping spree. Likewise, a hacker could skim your data whilst it is being processed and sell it in the underground market. But if a token, rather than your account number is passing through all the systems involved in authorizing your transaction, your payment information stays safe. The token can only be ‘unlocked’ when it has reached its final destination, the payment processor. Until then, it is meaningless to anyone who might encounter it.

Exceptionally safe shopping

What Happens During A Tokenized Sale?

When it comes time to process a payment, whether that is through an eCommerce site, an app, or a mobile wallet, the payment processing steps are generally similar. Here is a simplified process for your information.

The customer initiates payment for our service via our website
We send a token request to our bank
Our bank routes our request to Visa/ Mastercard
Visa/ Mastercard sends a token to your bank
Your bank returns an authorized token for our use
Viola! Your sale is complete.

This all happens without our site ever having been given access to your actual card information. That means that even though you might have entered it in on our website we never see or store your actual card number at any point. Tokens can usually be accessed for a short period of time in case a customer needs to have something added on to their order or receive a refund.

We’ve got you covered

>Play Video

Similarities and differences between tokenization and encryption

Tokenization and encryption are similar in that the data is hidden from would-be interceptors, but the processes are completely different. In tokenization, the customer data gets replaced with a token without exposing the real payment card information to Instagopher. With encryption, the payment card information runs through an algorithm, a mathematical process, to transform the original data into something indecipherable until unlocked with a ‘key’ during processing. Since the process is not randomized like tokenization, the algorithm is somewhat vulnerable to hackers trying to crack the code. In short, encryption is mathematically reversible, and tokenization is not. Additionally, encryption is not a complete, end-to-end security method, like tokenization.