Guides
Go to payrails.com
Start typing to search…

Network Tokens

Learn the benefits of using network tokenization with Payrails as well as how to implement for more secure, efficient, and seamless payments.

What is network tokenization?

Network Tokenization is a service introduced by card networks such as Visa, Mastercard, and American Express. It is a payment method in which the card number (PAN) is replaced with a secure token of the network and used in payments with higher security levels than traditional PAN.

Benefits

Network tokens are known to have higher security and authorization rates, reduced fraud, and improved customer experience.

Increased Security

Network tokens reduce the risk of data breach exposure since the real card PAN is not stored. In addition, each payment is secured by a unique cryptogram also generated by the networks. You can see more details regarding the cryptogram in the relevant section of this guide.

Increased Authorization Rate

Network tokens are proven to have higher authorization rates than tokens issued by payment service providers or token providers, as they are issued by the networks, eliminating potential declines by them. With Network tokenization, there is a reduced scope of SCA requirements. Fewer challenges or step-up authentications cut payment friction and improve authorization rates and payment success.

Reduced Cost

The cost of interchange fees charged by the networks for merchants is lower for the network tokens, as the networks encourage the usage of network tokens, given their benefits for the payment ecosystem. The costs are reduced for the card-not-present network token transactions by an average of ten basis points.

Increased User Experience

Network tokens ensure a frictionless payment experience with automatic renewal and real-time card life cycle management features. Network tokens are updated by the card network when there is a change on the card, such as when a card is renewed after its expiration, reissued due to being lost or stolen, or any other case that makes the card change. This feature ensures that the card that is held on file in the merchant does not need to be updated manually by the cardholder on each merchant’s site but can be updated automatically by the merchant, ensuring a frictionless customer experience.

Merchants can use the card art and thorough issuer/card information to design a better user experience and interface in their checkout. With network tokenization, it is possible to request the graphical details of a payment card, as well as BIN data such as card brand, type, issuer name, or country.

Network Tokenization 101

Head to payrails.com blogs to read more about how network tokenization works and benefits merchants.

How to start using network tokens

Step 1: Onboarding to the Card Networks

The first step is for Payrails to set up the configuration between the merchant and the networks. Payrails works as an on-behalf-of token requestor and handles the heavy lifting of the integrations with the networks for the merchants. Meanwhile, Payrails merchants become the Token Requestor, to whom the ownership of the tokens belongs.

Each network has a different onboarding process, requiring a different set of information. Payrails handles this complexity and provides a network-agnostic onboarding process to its merchants.

Visit our Onboarding to Networks guide in the next section for more details.

Step 2: Provision Network Tokens

Network tokens are typically created as a token under a payment instrument alongside the vault tokens and other token types that an instrument may have. If you are new to the concept of payment instruments and how they abstract multiple types of tokens, visit payment instruments guide for more information.

Once you can create instruments, you will be able to provision a network token. There are multiple ways to do that:

  1. Set your rules to selectively provision network tokens automatically. You can define rules based on: network, BIN, issuing country and card type.
  2. Use 'provision network token' parameter when creating a new instrument. Use the API endpoint to request network token provisioning for a particular instrument.
  3. Use 'provisioning network token' API endpoint to provision a network token for an existing payment instrument.

Visit our Provision Network Tokens guide in the next sections for more details.

When a Network Token provision is requested, card details will be sent to the network via Payrails, and the network token which is considered sensitive data will be stored securely in Payrails Token Vault. Payrails will generate a network token reference and attach it to the payment instrument.

👍

The service allows merchants to tokenize cards entered by consumers during checkout or existing card held on file. That means, you can start using network tokens anytime, and benefit for including the existing customer base.

Step 3: Use Network Tokens in Authorization

Depending on whether you use Payrails as a vault proxy during a payment authorization with a provider you connect to, or use Payrails as a payment orchestrator, where you only connect to Payrails APIs, the usage flow differs. To read more about those two ways of integration, you can go here.

Use Network Token in Orchestration - Payment Acceptance Flow

In this flow, Payrails helps its merchants identify the optimal rules according to their business performance and goals. You can configure a default behavior if you want to use network tokens in every authorization request to Payrails or choose Payrails smart logic to decide it for each request.

Payrails orchestration also abstracts the PSP selection logic as well as constructing the corresponding payload for each PSP, alongside when to use a cryptogram.

Visit this page to read all details and how to integrate this flow.

Use Network Token in Proxy Flow

Our proxy API allows you to use both the network token and the PAN token of a payment instrument. In the case that both of those token types exist under one payment instrument you store, we will check the proxy request body to see which token type is used based on dynamic variable placeholders.

Additionally, in certain cases such as customer-initiated payment (CIT), you will need a cryptogram ready to be used in your proxy request.

Visit this page to read all details and how to integrate this flow.

Keeping network tokens up-to-date with the lifecycle management events

When a cardholder or Issuer of the card makes a change in the card that has a network token in our system, it is a requirement to update the network token so that the network token will be kept valid. Payrails will be notified by the networks in case of an update and will update the network token in the vault accordingly. No additional action will be required by the merchant; however, you can choose to be notified of the updates through our notifications.

Cardholders can interact multiple ways with their card issuers that result in life cycle events to the ecosystem. A few typical use cases are:

  • The contract with the issuer is terminated, rendering all cards and related tokens invalid.
  • User reports card lost, stolen, or damaged.
  • Funding card expires.
  • The end user triggers token status life cycle management actions from the issuer side (e.g. issuer mobile banking application).

In such cases, with our integration to the networks, Payrails receives a notification including the context of the change, and initiates the necessary update on the token or the data of the token.

Visit this page to read all details of how Payrails manages the life cycle updates of the tokens for each scenario.


Updated 14 days ago

What’s Next

Interested in network tokenization? Let's learn how to onboard to the networks to start provisioning network tokens.