4 types of card payment security you need to know
Check out our blog on 4 key types of card payment security you need to know as a business.
Tokenisation is the process of protecting someone’s sensitive data by replacing their card details with a series of randomly-generated numbers, also known as a token.
This means the information can be stored and used for repeat payments without merchants having to keep credit card data within their payment systems. This could be in a mobile wallet or one-click checkout system, like you might see on websites such as Amazon.
It’s becoming more widely used, with Mastercard reporting that nearly 75% of all card globally are ready to be tokenised and it’s designed specifically to prevent online or digital security breaches.
In the world of payment processing, a name on a debit and credit card, the 16-digit personal account number (also known as PAN), expiration date and security code can all be tokenised.
So, let’s take the PAN as an example.
When your customer uses their card, the PAN will be automatically replaced with the randomly generated token, meaning that the original PAN won’t actually be entered into your payment system – only the token. You can then use this token ID to keep records of the customer, rather than their personal details.
When you go to take a payment from this customer, the token is sent to the payment processor who then de-tokenises the ID to authorise the payment.
The token is only readable by the payment processor, so it’s pretty meaningless to anyone else. So, if anyone else were to get hold of it, they’d have no way of linking the token back to your customers original details.
Plus, the token is only valid with your business, so it can’t be used to process payments with any other business. Again, this is done to improve safety and security.
Using payment tokenisation, you’ll be able to keep your customers’ data and information safe, protecting you and them against credit card fraud.
Not only that, but it’s a fast, convenient and simple way for your customers to be able to pay.
So, when your customer goes to pay through their mobile wallet, such as Apple or Android Pay, or if they pay online, they won’t need to enter their full payment details every time. Making the payment process even easier for returning customers!
It’s easy and quick to implement too, and you could benefit from higher sales conversion on your website, as your customers will be able to pay with one simple click at the checkout.
It’s fully compliant with PCI DSS compliance. Plus, you may find it reduces your PCI costs, as your business won’t be storing as much financial data within your system.
You can learn more about PCI compliant and how to get started in our blog.
Payment card tokenisation is a security feature designed specifically for online and digital payments, like card on file payments, payment gateways and more.
So, let’s take a look at these in a bit more detail.
Card on file payments is when your customer (the cardholder) lets you (the merchant) store their payment details. They can then authorise you to bill their stored account. It’s mainly used to pay for subscription payments and recurring bill payments.
With tokenisation, you’ll be able to store your customers’ token to take payment, rather than their personal details. As we mentioned earlier, this token can only be used by your business, so nobody else will be able to use it for payment.
If you’ve ever used Apple Pay or Android Pay, you’ll have already used tokenisation when paying.
They both let you add your credit cards and debit cards (as well as e-tickets for trains or concerts) to your Apple device or Android smartphone.
When you add a card to your phone, the details are sent to your bank, which replaces them with the token.
That token is then sent back to Apple or Google, which is then added to your phone for you to use.
And as previously mentioned, if someone were to hack into the phone, they wouldn’t be able to change this token back into the personal details, keeping your data safe.
Masterpass Digital Wallet by Mastercard also uses payment tokenisation.
If you haven’t come across it before, it basically works like Apple Wallet and Google Wallet, so your customers can add their Mastercard card details to their wallet for easy access.
It connects their multiple cards to one single secure account, so they’ll be able to quickly pay using whichever card they’d like, meaning they can manage their balance between the different cards.
Visa Checkout by Visa uses payment tokenisation to protect your customers information.
To get started, customers are able to create a free Visa Checkout account. Here, they’ll be able to enter their details which will be stored in a secure data vault.
Every time your customer uses Visa Checkout, the details will be changed into a token which is used for payment.
By having the details stored in the data vault, it means that your customers won’t need to enter their details every time. All they need to do is login and pay.
Some online payment gateways use tokenisation to help protect your customers when they pay online.
So, when your customers go to pay online, the website will tokenise the numbers kept on file, so that their information should be safe, even if it gets hacked. The token also can’t be switched back into the original details and can only be used by the payment processor.
At Payzone, our payment gateways also use 3D secure authentication as additional security for online payments. This means that customers will need to be asked for 3 digits from their security password to authorise payment.
Plus, with a Payzone payment gateway, you can get Masterpass Version 7 (also known as Masterpass 7) which lets you add the Masterpass button on your payment gateway.
Using a one-click payment button, they’ll be able to pay with any credit card or debit card of their choice using their Masterpass Digital Wallet.
If you’re interested in getting started with payment gateways, we can help. Our solution can be integrated to your website a number of ways and is compatible with over 50 key UK shopping carts.
They can be fully customised with your brand to match the rest of your website. With no set-up fees and a short 12-month contract available, get started with Payzone today.