WebsiteStatusSupportPostman workspacePricingDocumentation hub survey
Documentation
RSS feedSign up
Start typing to search…
  1. Server-to-Server, Mobile SDK, and COPYandPAY
  2. Guides

Tokenisation

Last updated: 2026-01-25

Overview

In today's digital landscape, merchants are constantly seeking ways to protect sensitive customer data and enhance their business operations. Tokenisation is a powerful tool that secures card data and enables seamless omnichannel experiences. This guide helps you understand tokenisation and choose the right type for your business needs.

Tokenisation is the process of replacing sensitive data, such as a cardholder's primary account number (PAN), with a secure token stored in a token vault. This ensures that sensitive data is not kept in the merchant's environment, reducing PCI compliance obligations and costs. In the event of a breach, sensitive data remains protected, maintaining consumer trust.

Choosing the right token

Different types of tokens serve different purposes:

  • Registration tokens:
    • Use case: eCommerce.
    • Ideal for: Online businesses looking to securely store customer card details for future purchases.
  • Network tokens:
    • Use case: eCommerce and in-store.
    • Ideal for: Global eCommerce platforms aiming to reduce fraud and improve transaction approval rates.
  • Apple Pay tokens:
    • Use case: eCommerce.
    • Ideal for: Merchants accepting online payments via Apple devices.

Registration tokens

Imagine you run an online store and want to offer your customers the convenience of one-click checkout. Registration Tokens are your solution.

Benefits

  • Simplifies PCI compliance: By removing sensitive data from your environment, registration tokens help you meet PCI compliance requirements. For example, a small online boutique avoids storing sensitive card information, reducing costs and complexities associated with securing card data.
  • Enhances security: Registration tokens reduce the risk of data breaches by not storing sensitive card data. For example, a subscription-based streaming service uses tokens instead of storing card details, making stolen tokens useless to hackers.
  • Improves customer experience: Registration tokens speed up the checkout process, making it more convenient for customers. For example, a frequent traveller completes bookings with a single click through an airline's mobile app, enhancing their experience.
  • Versatility across payment methods: Registration tokens are not limited to card payments. You can also apply them to virtual accounts (such as PayPal). This flexibility allows merchants to offer a variety of payment options while maintaining security and convenience.
  • No onboarding required: Unlike other tokenisation methods, registration tokens do not require onboarding with any vault. You register or tokenise a card and receive a UUID registration that you can use in payments. This simplifies the implementation process for merchants.
  • Deregistration capability: You can deregister registration tokens, enabling you to deactivate the tokenised card, stopping customers from using it for payments. This feature provides extra control and security for both merchants and customers.

Example

A customer shopping on your online store can save their card details securely using a registration token. The next time they shop, they can complete their purchase with one click, without having to re-enter their card details. This convenience can lead to increased customer satisfaction and loyalty.

Network tokens

Imagine you run a global eCommerce platform. You face the constant challenge of reducing fraud and ensuring high transaction approval rates. Network tokens, provided by card networks like Visa or Mastercard, can be a game-changer.

Challenges resolved by network tokens

  • Out-of-date accounts: One of the biggest challenges in eCommerce is dealing with stored card details that become unusable when cards expire or when customer lose cards or they get stolen.
    • Impact: Studies show that 35% of cardholders stop shopping after a merchant declines their card once.
    • Solution: Network tokens are proactively updated in real-time by issuing banks, making lost, stolen, or expired cards irrelevant. For subscription-based models, this ensures recurring payments continue uninterrupted, reducing costs and operational burdens of contacting consumers about expired cards.
  • Increased fraud: Merchants in the United States lost about $3.75 for every dollar of online fraud in 2022, with fraud costs increasing almost 20% compared to 2019.
    • Problem: Fraudsters target card-not-present transactions, increasing the burden on merchants.
    • Solution: Network tokens involve the issuer in the approval process, shifting risk assessment and liability from the merchant to the issuer. This reduces the cost of fraud and ensures fraud at one merchant does not impact others using the same PAN.
  • False declines: Authorisation rates often remain below 90%, with false declines causing lost sales and dissatisfied customers.
    • Impact: False declines lead to involuntary churn, especially for subscription businesses.
    • Solution: Network tokens improve acceptance rates by involving the issuer in the token approval process, ensuring seamless transactions and reducing declines due to outdated card information.
  • Card data protection: Criminals can steal payment card data at multiple points, including where customers enter it, where it's stored or transmitted.
    • Solution: Network tokens reduce the value of underlying sensitive data. Cardholder-initiated transactions require a dynamic cryptogram, making fraudulent use of stolen credentials impossible. Both merchants and consumers enjoy enhanced transaction security.
  • Too much friction: Strong Customer Authentication (SCA) requirements in Europe have made card-based payments more secure but also more cumbersome.
    • Problem: Extra security checks introduce friction, leading to declines in approval rates.
    • Solution: Network tokens enable issuers to silently authenticate cardholders using 3-D Secure, allowing for frictionless transactions without triggering challenges. Improved customer experience and high approval rates.
  • Increased costs: Merchants pay interchange fees as part of the merchant discount rate (MDR).
    • Incentive: Visa and Mastercard offer reduced interchange fees for transactions using network tokens. Visa offers up to a 10 basis point reduction for token-based transactions.
    • Impact: At high transaction volumes, these savings can be significant, making network tokens a cost-effective option for merchants.

Benefits

  • Reduces fraud: Secure tokens replace sensitive card details, reducing unauthorised use.
  • Improves authorisation rates: Involving the issuer leads to higher approval rates.
  • Enhances customer experience: Keeps card details up to date for seamless transactions.
  • Cost savings: Reduces fraud-related losses and lowers interchange fees.
  • Compliance: Helps merchants comply with PCI DSS by minimising sensitive data storage.

Tips for getting started

  1. 3-D Secure: Use 3-D Secure with network tokens to shift fraud liability to the issuer, adding an extra layer of security.
  2. Real-time account updater: Network tokens dynamically update, ensuring the most current card details.
  3. Onboarding: Onboard with each card scheme individually to fully leverage the benefits of network tokens.

Example

Consider a scenario where a criminal steals someone's card.

  • Traditional approach: The merchant must manually update the card details, leading to service interruptions and potential fraud.
  • With network tokens: The token updates automatically, ensuring uninterrupted service and minimising fraud risk.

By adopting network tokens, merchants can provide a more secure, seamless, and cost-effective payment experience for their customers.

Apple Pay tokens

Imagine you run an online store that caters to numerous Apple device users. Apple Pay Merchant Tokens (MPANs) securely link your customers' payment cards to your business through their Apple Wallet. By using MPANs, you can offer a seamless payment experience that works across multiple devices and supports recurring transactions while not tied to any single device. This ensures that even if your customers change or lose their devices, their payment information remains accessible and secure.

Benefits

  • Multi-device continuity: Hassle-free payments across all devices.
  • Device-independent recurring payments: Perfect for subscriptions or regular purchases.
  • Persistent payment information: Safeguards against device loss or theft.
  • Life cycle management tools: Track token activity and revocation status.
📘

If the card issuer supports MPAN generation, you receive an MPAN; otherwise, you receive a Device Payment Account Number (DPAN).

  • Enhanced security: Apple Pay tokens replace sensitive card details with secure tokens, reducing the risk of unauthorised use. A one-time unique dynamic security code authorises each transaction.
  • Improved customer experience: Streamlines the checkout process for Apple device users, enabling quick and easy purchases using Face ID, Touch ID, or their device passcode.
  • Increased trust: Customers trust and use payment methods known for their security and ease of use, potentially increasing your sales.

MPAN request types

  1. Automatic reload: For automatic top-ups, like adding funds to a store card.
  2. Recurring payment: For subscriptions, such as monthly streaming services.
  3. Deferred payment: For future payments, like booking a hotel room.

How to get an MPAN

Follow this guide. Ensure your card issuer supports MPAN generation.

Example

A customer shopping on your online store using their iPhone can use Apple Pay to complete their purchase with a touch or a glance. The Apple Pay token ensures that their card details are never shared with the merchant, providing a secure and convenient payment experience.

Token formats

Tokens come in two main formats:

  1. Non-card format preserving: The token format is different from the sensitive information it replaces. For example, a registration token converts into a universally unique identifier (UUID) in a random alphanumeric format.
  2. Card format preserving: The token maintains the same format as the original PAN, but the values are randomly changed. For instance, an Omni Token keeps the first 6 digits (BIN) and last 4 digits similar to the original card number. This format is useful for loyalty programs and one-click checkout payment widgets.

Token types and formats

Token typeToken formatDescriptionInteractive guide
Registration token123e4567-e89b-12d3-a456-426614174000A universally unique identifier in a random alphanumeric format.COPYandPAY | Server-to-Server
Network token654321XXXXXX7890A card format token with the first 6 and last 4 digits randomised.COPYandPAY | Server-to-Server
Apple Pay tokenEncrypted JSON objectContains encrypted payment data, including payment method and transaction identifier.COPYandPAY

Conclusion

Choosing the right tokenisation solution depends on your specific business needs. Choose a solution that meets your security needs. It should also meet PCI compliance requirements and support a strong customer experience. Tokenisation can streamline payment processing. Understanding the different types of tokens and their benefits can help you make an informed decision. Tokenisation is about securing data. It also creates a better experience for you and your customers.

Updated about 7 hours ago