A Cybersource guide

A Guide to Network
Tokenization

Why tokenization
The arrival of network tokens
Cybersource Token Management Service

©2022 Cybersource. All rights reserved.

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

Contents

3 Welcome
Why are we talking about tokenization?

4 Why tokenization
Creating secure and seamless payments is harder than it sounds

5 Payment tokenization
How it works, why it’s important

8 Cybersource Token Management Service

The enormous benefits for business

16 Getting started
How Cybersource can help

©2022 Cybersource. All rights reserved. A guide to network tokenization 2

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

Welcome

Of course, with new opportunities inevitably

The payments revolution is come new challenges. Customers now expect
happening all around us, and it’s simple and consistent payment experiences,
but payment environments keep growing more
impossible to ignore. Nor should complex. And while worldwide digital commerce
any business want to ignore it: grew 27.6% in 2020/21 1, 2020 also saw a 20%
rise in security breaches.2
from the opportunity to serve
customers worldwide to the But as so often happens, necessity has bred
invention. New tokenization technology is
simplicity of going cashless, fundamentally changing how sensitive payment
digital commerce is providing data are managed.
benefits at every level. While solving security challenges, tokenization
also helps businesses create seamless payments
experiences that are making a material difference
to conversion and revenue.

This guide will show you how payment tokenization

can benefit your business, and of course, how
Cybersource can help.
1
Ethan Cramer-Flood, “Global Ecommerce Update 2021” emarketer, Jan. 13, 2021
2
Gibson Dunn, “U.S. Cybersecurity and data privacy council outlook and review” Jan. 28, 2021

©2022 Cybersource. All rights reserved. A guide to network tokenization 3

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

Why tokenization

So why is creating seamless payment experiences so hard?

The problem stems from the risks associated with sensitive “Digital commerce presents
account data. not only huge opportunities,
but also a particular set
The current payments ecosystem still relies on customer of challenges: transaction
identifiers consisting of personal account numbers (PANs), decline rates, online fraud,
billing addresses, expiration dates, and card security codes. and the customer’s payment
experience. At the same
time, keeping up with
rapidly evolving technology
is becoming increasingly
complicated.”
Jignesh Kacharia
Vice President, Product Management
Cybersource

40 billion
Records exposed in 20213

Used online, these account details draw the attention of

$4.35
fraudsters looking for ways to exploit the data on an industrial
scale, so businesses must bear the cost of keeping them safe.
Equally, if these identifiers are compromised, it’s hard for million
businesses to tell if they’re being used legitimately. Global average cost, in USD,
of a data breach4
The result is that businesses are faced with a no-win
situation: decline any transaction that looks remotely suspect
and negatively impact sales or accept all transactions and risk
fraud and reputational damage.

3
Cybernews, “More than 40 billion records were exposed in 2021” Jan. 28, 2022
4
Statista Research Department, “Average total cost per data breach worldwide 2014-2022, by country or region” Sep. 4, 2022

©2022 Cybersource. All rights reserved. A guide to network tokenization 4

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

1 2 3

Payment tokenization

Tokenization technology arrived nearly two decades

ago and is now at the heart of keeping data secure
within the payment process. Almost all businesses
currently use tokens to some extent to prevent fraud.

How tokenization works

1. A customer’s PAN is replaced with a unique 2. Crucially, the token bears no mathematical link 3. The real PAN is stored securely by the acquirer
identifier created by a seller’s in-house to the PAN and cannot be reverse engineered or gateway and is at no point revealed to the
system, an acquirer, or a payment platform. to uncover the PAN—even if a fraudster gains seller or used in processing payments.
access to it.

PAN
PAN
PAN
Customer Merchant Acquirer bank Card network Issuer bank

The concept of using a token to The result is win-win. Customers don’t

safeguard something of value is nothing have to worry about their account
new: think of chips in a casino or tokens details being vulnerable online, and
in an arcade. Payment tokens follow the businesses don’t have to worry about
same principle. keeping sensitive data safe within their
own environment.
Tokenization means a customer’s
sensitive account data is replaced
with a digital identifier while the real
data is stored securely. If the token
The widespread move
is compromised, it is meaningless and to tokenization is well
cannot be used.
underway.

©2022 Cybersource. All rights reserved. A guide to network tokenization 5

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

1 2 3

The arrival of network tokens

A major step forward in tokenization has been the arrival of

3%
network tokens, which unlock higher authorization rates,
lower fraud, and create a better customer experience.

The first payment tokens were issued by sellers, acquirers, Token auth rate lift5
or payment platforms for individual credentials. In contrast, Global average for CNP
network tokens are generated by a payment network such transactions as compared
as Visa. Instead of replacing a single PAN for its lifespan, they to PAN.
represent a customer’s credentials for the entire buying cycle.

-26% fraud

Network tokenization can

What this means is that, at the point of initial payment, a business reduce fraud by an average
can ask the network to generate a token that can then be used of 26% without creating
(and importantly, tracked) for all subsequent transactions, even additional payment friction
if the card has been replaced by the cardholder. The credentials for your customers.6
will automatically be updated via lifecycle management, be it for
a card or a digital wallet like Google Pay.

This allows businesses to recognize their customers and

understand them better, enabling higher authorization rates
as well as fraud reduction.

5
VisaNet, Jan-Mar 2022. Visa credit and debit global card-not-present transactions for tokenized vs. non-tokenized credentials. Auth rate defined as
approved count of unique transaction authorizations divided by total unique authorization attempts, based on first auth attempt only.
6
CNP & CP Average is for set of Token participating Merchants (by Merchant DBA) (PAN & Token)

©2022 Cybersource. All rights reserved. A guide to network tokenization 6

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

1 2 3

Network tokenization made

easy by Cybersource

Cybersource can accelerate your business’s adoption

of emerging network tokenization technologies with
a suite of fast, comprehensive solutions.

We are a Visa solution with tremendous

global scale, serving 190+ countries and
territories.

Cybersource acts as a bridge to network tokenization

for Visa and Mastercard and will soon include American
Express and Discover. Our brand-agnostic global access
and network token expertise can help you maximize the
benefits of network tokenization, regardless of where
you are on the journey.

©2022 Cybersource. All rights reserved. A guide to network tokenization 7

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

1 2 3 4 5 6 7 8

Cybersource Token Management Service

Token Management Service is the simplest way for

you to maximize the potential of network tokenization
and become an early adopter of new innovations and
omnichannel experiences.
The power behind Token Management This super token centralizes and
Service lies in Cybersource’s super simplifies the management of previously
token, which links network tokens separate tokens and payment types,
from different card brands (such as making it possible to create a complete
Visa and Mastercard), banks, payment transaction history for each of your
types, and channels together. customers. You get a 360-degree view
of your customers’ shopping habits
Cybersource across different channels, and you can
super token make customer loyalty and rewards
opportunities part of every online,
mobile, and in-store transaction.
If you offer multiple card brands you
can see a customer’s activity across
all of them, too.

Card brands Banks Payment types Channels

©2022 Cybersource. All rights reserved. A guide to network tokenization 8

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

1 2 3 4 5 6 7 8

The super token:

A Cybersource innovation

Cybersource’s proprietary network token links

payments, customer data, and other network tokens
to create a super token.

Links tokens Includes Creates a unified Makes payments

from different alternative view of your simple and safe
networks, issuers, payments customers
and channels

Only Cybersource Token Management Token Management Service improves

Service offers a proprietary network customer experience by creating a
token that links tokens from different unified view of your customers and their
networks, issuers, and channels to help buying behaviors across channels and
resolve the tension between simple payment methods, seamlessly updating
payment experiences and complex payment credentials to provide a
environments. smooth path to improved conversion.

Cybersource’s super token not only Using Token Management Service makes
connects data from all card types and payments simple and safe for your
issuers, it includes alternative payments customers—no matter how complicated
such as eCheck in North America, ACH, things get behind the scenes.
and other debit products. The super
token powers our Token Management
Service in managing customer data,
simplifying customer models, keeping
credentials refreshed, and reducing
PCI compliance scope. And it integrates
seamlessly with other Cybersource
solutions, such as Decision Manager,
Payer Authentication, Account Takeover
Protection, Recurring Billing, Global
Gateway, and others.

©2022 Cybersource. All rights reserved. A guide to network tokenization 9

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

1 2 3 4 5 6 7 8

The benefits of Cybersource

Token Management Service

Payment options your customers love

By helping you understand your customers’ shopping
habits across payment methods, networks, and channels,
Token Management Service enables:
One-click checkout options using card- Personalized payments that use
on-file information across different customers’ cross-channel payment
channels. histories and data to pinpoint their
preferred way to pay.
More ways to pay, including digital
wallets, direct debit, Click to Pay, ACH, New ways to shop, including buy online,
online bank transfers, international and pick up in store (BOPIS), curbside
regional cards, and whatever else is the ordering, touchless kiosks, and more.
next big thing.

©2022 Cybersource. All rights reserved. A guide to network tokenization 10

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

1 2 3 4 5 6 7 8

Safeguard Keep customer data encrypted Tap into the advantages of top-tier, Visa
your business and secured: Cybersource Token grade security: Store your customers’
Management Service protects your card-on-file information in Visa’s
customers’ sensitive personal and card enterprise-level, tier-4 data centers—
information before, during, and after the highest level of security used for
every transaction. sensitive customer payments data.

Boost Lift authorization rates: The ability

revenue to recognize more legitimate repeat Avoid lost revenue from expired cards:
customers is proven to boost Payment cards are updated seamlessly,
authorization rates by an average of 3%, providing a smooth path for ongoing
the global average for CNP transactions authorizations.
as compared to PAN.7
Improve customer loyalty strategies:
Reduce fraud: Reduce fraud by an Visibility across channels means you can
average of 26% without creating also reward customers across channels
additional payment friction for your with discounts, loyalty points, and promo
customers.8 codes, driving repeat business and
increasing revenue.
Enhance lifecycle management:
Optimize revenue using lifecycle
management to ensure the latest
account information is available via
automated updates.

Save money Reduce your PCI DSS compliance Gain better customer insight: Create a
scope and costs: Token Management complete, unified view of your customers
Service meets the strictest regulatory and their purchasing behaviors so you
standards for encryption and data can give them a personalized experience
security. There’s also no need to staff without a time and resource-intensive
and manage multiple network token effort by your IT department.
systems to prove PCI compliance—
almost everything is done for you. Move efficiently toward network
tokenization: Accelerate your journey
toward network tokenization with a fast,
comprehensive solution for adopting
Visa Token Service and other network
tokenization technologies.

7
VisaNet, Jan-Mar 2022. Visa credit and debit global card-not-present transactions for tokenized vs. non-tokenized credentials. Auth rate defined as
approved count of unique transaction authorizations divided by total unique authorization attempts, based on first auth attempt only.
8
CNP & CP Average is for set of Token participating Merchants (by Merchant DBA) (PAN & Token)

©2022 Cybersource. All rights reserved. A guide to network tokenization 11

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

1 2 3 4 5 6 7 8

Tokenization is a critical part of a

modular solution to combat fraud

Another enormous benefit of Cybersource Token Management

Service is that it easily integrates with our other solutions,
including Decision Manager, Payer Authentication, Account
Takeover Protection, Recurring Billing, Global Gateway, and
others. These products, when combined with Token Management
Service, create powerful solutions that reduce fraud, increase
authorization, and optimize revenue.

Once integrated, our modular services and global reach give you
the flexibility to design a tailored experience for your customers,
with payments seamlessly embedded.

Modular
services
include…
Token Decision Payer Account Takeover Recurring Global
Management Manager Authentication Protection Billing Gateway
Service

Open
integrations APIs

All channels

Many verticals Retail eCommerce Transit Telecom Restaurant Airline Insurance Utilities

Built on Visa 99.997% uptime9 Data-based fraud prevention Global connectivity

9
Cybersource enterprise platform uptime based on FY21 internal data, Oct. 1, 2020 to Sep. 30, 2021

©2022 Cybersource. All rights reserved. A guide to network tokenization 12

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

1 2 3 4 5 6 7 8

Solving your business needs

Business needs… …solved by Cybersource Token Management Service

Integrating network tokenization into your business

I don’t want to have to integrate with each major card Token Management Service provides network tokenization
brand to start using network tokens. for Visa and Mastercard, with American Express and
Discover coming soon.

I want to process card, non-card, and alternative Token Management Service provides a single customer
payments using the same token. token for all payment methods.

I want to change processors or acquirers without With Token Management Service, tokens stay the same in
having to update my token or import/export your systems, even if you change acquirers/processors.
payment data.

I need a token solution that supports all my existing Our solution provides a unifying layer for all your existing
processors and acquirers, so I don’t have to change payment tokens and/or gateways, enabling them to
my tech and bank relationships. coexist in a single payment environment.

I want a single token to work across multiple acquirers Token Management Service works across multiple
and regions. acquirers and regions using a unified token from your
system.

I want support with our PCI assessments so we can Token Management Service maintains PCI DSS compliance
keep up and not get fined. to reduce your audit time and ensure full compliance.

©2022 Cybersource. All rights reserved. A guide to network tokenization 13

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

1 2 3 4 5 6 7 8

Business needs… …solved by Cybersource Token Management Service

Integrating network tokenization into your business

I want to remove payment data from my system, Token Management Service is cloud-based, with data
so we don’t get breached. stored in Visa’s tier-4 data centers.

I want a token solution that bridges across vaults Token Management Service supports a seller-wide vault,
that were used for eCommerce and card-present irrespective of channel and with access provisioning by
separately. business unit, if needed.

There are still parts of my ecosystem that need PAN, Token Management Service can return the last 4 or
like our call center. How will that work? 6 numbers of a PAN, as well as full PAN decryption if
specifically approved by your business.

Increasing revenue capture

I want to stop getting declines due to expired cards, Token Management Service includes Cybersource Account
invalid account numbers, and CVV2 failures. Updater, which updates card details automatically for
better lifecycle management and increased revenue.

I want to maximize successful authorizations for Token Management Service is the fastest way to connect
customer purchases. to Visa Token Service—which uses network tokens to
obtain more data from the issuer during tokenization for
a more trusted payment credential.

I want to reduce recurring billing and card-on-file Token Management Service provides the merchant-initiated
interruptions for seller-initiated scheduled payments transaction (MIT) and cardholder-initiated transaction
and customer-initiated payments. (CIT) protocols (on supported processors) to reduce
declines for network tokens using credentials-on-file.

Offering extra flexibility for customers

I want to process payments and returns across all Token Management Service comes seamlessly integrated
channels and locations using a single token. with Global Gateway for payment processing and can also
support in-person payments.

I want to allow online purchases with in-person pick-up With Token Management Service, a single token works
(BOPIS) using a single token. across channels, even with separate acquirers/processor
platforms for purchase and pickup.

I want to allow online purchases to be returned at retail Token Management Service allows returns to an original or
locations, and vice versa. a new payment method securely through a unifying token.

For goods not in stock in-store, I want to take payment Token Management Service links across channels,
in-store and deliver the goods to the customer’s home. allowing back-end fulfillment systems to complete
a store-originated purchase with a token.

©2022 Cybersource. All rights reserved. A guide to network tokenization 14

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

1 2 3 4 5 6 7 8

Business needs… …solved by Cybersource Token Management Service

Offering extra flexibility for customers

I want to offer new digital experiences for my When payment credentials are tokenized, businesses
customers, like curbside pickup, mobile key check-in, can innovate customer experiences and journeys.
grab & go, biometrics/face-to-pay, fob, chat bot, etc.

I want to track customer reward/loyalty programs Token Management Service can show a customer’s
and see purchasing behavior with a single identifier. loyalty and reward signups and usage.

I want to sign customers up online and in person Token Management Service can be used as a stored
for recurring services through a subscription. credential for recurring subscription billing.

I want to let my customers place an order using Token Management Service tokens can be used by
Alexa or Siri. partners who enable IoT commerce, without exposing
card details to third parties.

I want to be able to see a customer’s purchasing Token Management Service isn’t limited by channel
behavior across channels. and can identify customers and their purchases across
channels.

I want to leverage a customer’s purchasing activities Token Management Service can provide omnichannel
for more targeted marketing. reporting on purchasing behavior.

After an order is placed, I want my customer to be With Token Management Service, a single token can be
able to make changes that may require follow-on used to re-authorize a payment instrument or partially
authorizations. refund from another internal department (like distribution
systems) without any impact on the customer.

©2022 Cybersource. All rights reserved. A guide to network tokenization 15

 Why Payment Token Management Getting
Welcome
tokenization tokenization Service started

Getting started

Cybersource Token Management Service can support

all your existing processors and acquirers across the
globe. You won’t have to change your tech and bank
relationships to implement tokens.

From start to finish, you’ll have a dedicated support team on hand to help:

Getting started • Implementation Specialists

• Technical Account Management
• Enablement Team

Innovation solutions • Development and Test Engineering Team

• Technical Product and Business Solutions Team
• Acquiring Solutions Team

Adapting and growing • Product Innovation and Strategy Team

• Architecture Team
• DevOps and Release Management Team

Ongoing support • Product Innovation and Strategy Team

• Architecture Team
• DevOps and Release Management Team

Let’s talk tokens

If you’d like to discuss how
tokenization can enhance your
business, and how Cybersource
can help, let’s talk.

Contact sales

©2022 Cybersource. All rights reserved. A guide to network tokenization 16