Demystifying Token Conversion

With today’s increased security posture toward Personally Identifiable Information (PII) and payment card data, every merchant who allows their customers to store personal information and payment credentials should be utilizing tokenization to make that stored data more secure.

A token service provider typically handles the tokenization process. As with any other facet of business operations, this provider may need to be evaluated and replaced.  If your company is migrating to a new token provider, you need to be aware of the many interdependencies that this process crosses.  Clint Cady, Partner at W. Capra, stressed, “Token conversion is not a single line item within a grander project plan.  The process requires a dedicated workstream to weigh the impact on all current business processes and systems and architect and manage an effective conversion.”

If it’s so complex, why switch? 

There’s an inherent stickiness to any token provider, but as companies evaluate their payment architecture and look at pricing, performance, service level agreements (SLAs), and other factors, chances are that swapping out a provider or adding a new service will require a token conversion.  “The difficulty of token conversion and associated concerns should not be the sole reason to stick with an incumbent solution or provider within your payment architecture. Token conversion is possible, despite what you may have heard,” Cady added.

Pat Behrens, Senior Consultant at W. Capra, commented, “A holistic view of your architecture is crucial to success. You need to understand what systems and processes currently rely on tokens along with the business and operational impacts of conversion layered on top of the business and security requirements for how the conversion needs to be completed.  Given all the stakeholders, both internal and external, having an experienced third party that can define requirements, translate them to all parties, and manage the intricacies of this complex process is vital.”   

Can I manage the conversion myself? 

Once you have internal agreement that token conversion will be required, myriad questions remain about how to complete the conversion. How many records will you be migrating? How long will you tolerate operating in a dual-token environment? How will you manage failed conversions and customer messaging? Are there outdated records that can be excluded from the process to decrease your scope? How will your old token provider interact with your new provider? These and questions like them illustrate the complexity of a token conversion project. Token conversion cannot be treated in a cavalier manner. 

“For many organizations, there is no single person who manages or is fully aware of all tokenization methods and corresponding uses, applications, and impacts across the company.  By bringing in a third-party like W. Capra, you can have an experienced team leading and completing the complex and oftentimes herculean task of token conversion and operationalization,” Cady strongly urged.

Clint Cady and Pat Behrens are dedicated to assisting W. Capra clients with all things payments, including completion of token conversion projects. For further discussion, contact Clint Cady at ccady@wcapra.com or Pat Behrens at pbehrens@wcapra.com

Leave a reply