Improving card tokenisation capability – much more than a token gesture
Head of Architecture
Card tokenisation is a mature and accepted solution for many payment processes today.
As customers, we have come to trust and expect the capability for payment details to be retained and re-used in a low-friction way, confident that our payment card data is being securely looked after.
Tokenisation is the process of locking sensitive payment card details securely in a ‘vault’ and providing a ‘key’ – or token – which can be used as a reference to tell a vault provider which card to use when performing a subsequent payment. Card details are locked in the vault and tokens are stored in a ‘wallet’, which could be a digital wallet in my phone, a wallet of cards in my Amazon account, or with anyone else whom I trust to look after my tokens.
Tokens are specific to the wallet for which they are generated, so even if the wallet itself is compromised, the token cannot be misused elsewhere.
Designed primarily with wallet-type use cases in mind, the tokenisation process is widely recognised and utilised, and has subsequently been extended to support additional capabilities such as subscription services and customer behaviour tracking. However, stretching the tokenisation concept to deliver new capabilities comes with its own pitfalls. For example:
- When a tokenised card is replaced with a new card, the customer is usually required to perform this replacement themselves in order to achieve continuity of service. This causes problems for subscription services, where payments may fail and need to be managed.
- Tokens are usually associated with wallets, which makes it difficult to extend capabilities outside of the wallet, or the channel in which the wallet was used. You may have a tokenised card on a merchant’s e-commerce site, but that won’t enable you to use token-based payment at the merchant’s high street stores.
- Each wallet also has its own tokens, meaning that if your payment card is, for example, in your physical wallet, loaded into your phone’s digital wallet and loaded onto a separate wearable wallet, you probably have different tokens for each. This makes it difficult, if not impossible, to recognise you as a single customer.
Bink’s payment-linking technology solves these issues. Through our partnerships with banks, our tokens can be associated with a customer’s payment accounts, rather than just their payment cards.
So not only is the customer recognised regardless of which wallet their card is used from, but card replacements are seamless and frictionless, with no customer intervention required. Through our partnerships with payment networks, Bink’s tokens are also carried as part of each transaction, rather than just in the wallet, so we can ensure that customers can be recognised and rewarded at the time they shop: every time they shop, everywhere they shop.
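The wallet binding and card-replacement behaviour described above can be sketched as a toy model. This is an added illustration, not Bink's or Spreedly's code: the `Vault` class, its method names, and the wallet and account identifiers are all assumptions, and `resolve` returns the card number only so the outcome can be inspected.

```python
import secrets
class Vault:
    """Toy vault: card numbers stay inside; callers only ever hold tokens."""
    def __init__(self):
        self._cards = {}     # card_id -> card number (PAN)
        self._current = {}   # account_id -> card_id currently on the account
        self._tokens = {}    # token -> (wallet_id, kind, reference)

    def add_card(self, account_id, pan):
        card_id = secrets.token_hex(8)
        self._cards[card_id] = pan
        self._current[account_id] = card_id
        return card_id

    def replace_card(self, account_id, new_pan):
        self._cards.pop(self._current[account_id])   # retire the old card
        return self.add_card(account_id, new_pan)

    def issue(self, wallet_id, kind, reference):   # kind: "card" or "account"
        token = secrets.token_urlsafe(16)   # random, reveals nothing about the PAN
        self._tokens[token] = (wallet_id, kind, reference)
        return token

    def resolve(self, token, wallet_id):
        """Return the PAN to charge, but only for the wallet the token was issued to."""
        bound_wallet, kind, reference = self._tokens.get(token, (None, None, None))
        if bound_wallet is None or bound_wallet != wallet_id:
            raise PermissionError("token is not valid for this wallet")
        card_id = self._current[reference] if kind == "account" else reference
        if card_id not in self._cards:
            raise LookupError("tokenised card has been replaced")
        return self._cards[card_id]

def attempt(vault, token, wallet_id):
    try:
        return vault.resolve(token, wallet_id)
    except (PermissionError, LookupError) as exc:
        return type(exc).__name__   # report which check refused the token

def demo():
    vault = Vault()
    card_id = vault.add_card("acct-1", "4111111111111111")   # constructed test PAN
    card_tok = vault.issue("phone-wallet", "card", card_id)
    acct_tok = vault.issue("phone-wallet", "account", "acct-1")
    other_wallet = attempt(vault, card_tok, "other-wallet")  # token used outside its wallet
    vault.replace_card("acct-1", "5555555555554444")         # constructed test PAN
    return {"token_from_other_wallet": other_wallet,
            "card_token_after_replacement": attempt(vault, card_tok, "phone-wallet"),
            "account_token_after_replacement": attempt(vault, acct_tok, "phone-wallet")}
```

In this sketch the card-bound token stops resolving once the card is replaced, while the account-bound token resolves to the new card without being reissued.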
Tokenisation is itself not altogether new – it has long been embedded within the realm of the digital payment space. However, at Bink we are constantly looking to stretch the tokenisation concept to further improve the efficacy of our solution, and deliver frictionless loyalty to our retail partners and their customers.
Spreedly offers a PCI-compliant vault that tokenises and secures payment methods, and is the vaulting solution used by the Bink platform.
“Storing customer payment details helps organisations like Bink deliver a great customer experience and is central to providing the frictionless experience necessary in loyalty programs. But stored cards must be protected to avoid the crisis of a breach or PCI audit. Our ‘universal tokens’ enable our customers to transact with virtually any payment service while keeping data secure and protected,” explained Doug Fry, account manager on the Spreedly success team.