Historically, merchants leveraged tokens as a replacement of the Primary Account Number (PAN) to remove liability from their infrastructure in the event of a data breach. As digital commerce has expanded, however, tokenization has evolved to account for the replacement of any sensitive data elements, such as employee data or customer social security numbers, with a unique identifier.
The Benefits of Tokenization
By replacing these numbers with tokens, merchants not only reduce the risk of a data breach, they also ensure that even if a hacker (aka “bad guy”) were to access their system, the hacker would only be able to access the tokens, which are useless without corresponding sensitive personal information (SPI).
From a consumer engagement perspective, leading merchants are also leveraging tokens to store multiple forms of payment for consumers to engage in multiple channels of commerce. In maintaining a common unique consumer identifier across their architecture, tokenization can expedite the payment process by enabling consumers to bypass entering their stored payment credentials. In its more sophisticated applications, merchants are leveraging tokens to enhance consumer profiling to monetize their first-party data.
Beyond these operational benefits, a strong tokenization strategy also helps address compliance requirements. As more jurisdictions require organizations to store PII and SPI in a secure manner, tokenization helps to meet these requirements by reducing the amount of information that a merchant must store.
Complexities in Tokenization
In addition to choosing the right tokenization schema that will comply with applicable regulations, merchants also must navigate the increasing complexities of the tokenization landscape when crafting their strategies. “It’s essential for a merchant’s payment architecture to inform their tokenization strategy,” explains Clint Cady, Partner at W. Capra. “As commerce architectures and business decisions have become more complex, the requirements for usage across token types has multiplied.”
For example, while payment tokens represent a customer’s payment information without exposing sensitive data, network tokens facilitate secure communication between different multiple payment parties involved in the payment processing flow. Additionally, your strategy will vary depending on if you have one or more gateways, if you require both a primary and backup token, and whether your current business processes require a 3rd party payment or network token (or both).
The Importance of Getting It Right
If a merchant does not have a tokenization strategy in place, or if they have the wrong strategy, they are putting themselves and their customers at risk. “Beyond the obvious security risks,” Cady added, “A suboptimal strategy can result in increased operational challenges, increased reliance on single providers, and inconsistent consumer experiences.” Failure to act can be crippling to an organization, resulting in preclusion from future payment-related initiatives, such as not having the infrastructure in place to conduct least cost routing through multiple processors.
How Do I Get Started?
“The first step is to understand your use cases and challenges to solve,” Cady offers. “Are your goals to protect the brand, to better engage consumers, to more effectively attribute your marketing, or perhaps to monetize your first-party data?” Once you’ve aligned on your strategic objectives, it’s essential to ensure alignment with your go-forward consumer experience and payment strategies as well.
Though navigating the details of a token strategy may seem daunting, W. Capra maintains a specialized team of experts who can help your brand identify a tailored go-forward tokenization roadmap that aligns to your broader brand goals and optimizes the path to token conversion.
Clint Cady is a Partner at W. Capra who focuses on helping our clients to set and achieve their strategic technology goals. For further discussion, please contact Clint at [email protected].