Let's start from the beginning and answer some questions in order to see the whole picture and the full story.
What is tokenization?
Tokenization is a process of transforming sensitive data to non-sensitive data representation known as a token.
What is considered sensitive data?
Sensitive data is a piece or pieces of information that can be used against or in favor of an individual or a business. Sensitive information can be religion, race, social security number, home address, and others details that will lead to real person identification.
In our specific scenario, sensitive information is cardholder’s information that includes primary account number or PAN usually 16 digits, cardholder’s full name, CVV, PIN code, and card expiration date. Tokenization is happening when a cardholder adds his card on a website, the system sends the cardholder's information to the vault and receives back a token. This process is also known as "Putting a card on file." Currently, the returned token called a "Proprietary Token," or a "PCI Token"
Traditional Tokenization Process High-Level
Currently, and before the Network Tokenization trend, to process a payment transaction, the minimum required fields are PAN, expiration date, amount, and sometimes zip code. Before processing any payment, there is a need to retrieve the actual PAN from the vault by the initially created token. This action is usually called “Exchange token for PAN.” PAN among other several fields wrapped in a message and sent over to the relevant issuer via a secured channel.
Traditional Transaction Flow
Traditionally, the card-holder needs to replace his credit card whenever it got expired or is blocked as a result of fraud.
In the Network Tokenization era, to process a payment transaction requires just Network Token and amount. The card numbers, expiration dates, CVV, and other cardholders' information are updated by the card network automatically.
Network Tokenization Process High-Level
Network Tokenization has brought to the banking system and specifically the payments processing industry, a new standard. Network Token replaces the transactional Primary Account Number with a unique EMV® payment token, which was initially created by the card network.
Network Tokenization is not just about transferring a token, instead of a primary account number, it is also used to make the actual issuer banks participate in the change that's happening to cross the board.
Transaction Network Token Flow
The main difference between Network Token and Non-Network Token is that Network Token is used throughout the entire transaction lifecycle instead of using the actual PAN, which is considered a traditional way
Until now, I've mentioned just the security and the payment processing side of Network Tokenization, but Network Tokenization solved some other issues in the logistics of dealing with credit cards. Today, we know something that is called account updater.
Finally, why do you need to adopt a Network Tokenization?
It's a service that is provided by the card networks like Visa, MasterCard, and a lot of others. It helps merchants to raise the authorization rate by keeping the payment methods updated in real-time, so expired cards, invalid account numbers, and CVV/CVC failures are no longer relevant.