Providing your customers with a simple and convenient way to make online purchases is of course essential in today's ever-expanding eCommerce marketplace.

But just as important is ensuring that the credit card information your customers provide during the payment process is as safely protected from bad actors as possible. That's where tokenization technology comes in.

Tokenization is added security that you owe both to yourself and more importantly to your customers, and will also help reduce PCI scope for PCI DSS compliance certification. This service is typically offered by third-party software, usually a PCI DSS Level 1 certified payment gateway. Meaning that you will not have access to the full credit card data, only the token.

With tokenization, sensitive credit card data is replaced with a series of randomly generated numbers—called tokens—that can be passed back and forth between a merchant and their processor during the course of a payment transaction. Typically the token will be stored with the last 4 of the credit card number and the expiration date. This data, rather than the token is displayed to the consumer during checkout to confirm the payment option selection.

Unlike data that is simply encrypted, tokens are not mathematically reversible. That's because they are created randomly. They are not produced via an algorithm as is the case with most encryption technologies. In other words, with tokenization, there is no code, as such, for a hacker to break in order to gain access to customer credit card data.

Instead, when a consumer enters a credit card number either manually or via a card reader at the point of a purchase, the card number is passed into the third-party service, who is responsible for creating and communicating the token to you. The token is stored in a payment, token or customer vault. The token in a sense will now stand in for the customer's card during the payment process.

The great advantage of tokens is they enable the payment process to proceed without the sensitive information associated with a credit card from ever being exposed. Rather, actual details like bank account numbers are safely held in the token vault, and the only person who has access to the token is you, the merchant. The third-party tokenization service takes care of encrypting and storing the credit card data securely. An important reminder: when selecting a third-party vendor, check to see if you can retrieve your data if you decide to leave and move your business to another vendor.

Think of the tokens used at an arcade.

In many ways, tokenization mimics the use of tokens in an arcade. Players in an arcade exchange something of real value—money—for something that has no real value outside the arcade—a token.

The token allows players to play games within the confines of the arcade. But once a player leaves the arcade venue, the token is of no use. It can't be exchanged for anything else of real worth.

Likewise, tokenization disguises sensitive credit card data as it is passed between a customer and a merchant's payment system. But this disguised data can't be applied to any other purpose outside of the merchant's processing platform. A hacker, for example, who would get his hands on such tokenized data would have no place to exchange it for something else. It's worthless except for its ability to facilitate secure transactions within the merchant's processing system.

Tokenization protects customers. It also benefits merchants.

Tokenization allows a merchant to take payments the way they want, including setting up subscription billing and recurring payments plans, while removing the risk and threat of this type of information from being stolen. Same goes for offering frequent returning customers a simple "one-step" checkout process.

Likewise, the added protection tokenization provides makes it much more feasible for merchants to initiate rewards programs and gift card accounts.

Tokenization limits your PCI-scope.

By reducing the number of systems within the credit card payment ecosystem that have access to a customer's card information, tokenization greatly reduces a merchant's Payments Card Industry-scope.

What can you do?

Analysis is the first step in evaluating whether you're enjoying the interchange rates your company is eligible for, get started by following the link below. Ensure your interchange fees are optimized by requesting an interchange audit and cost comparison.

Yet another reason to add this technology to your payments system.

About Qualpay

Qualpay is a fully-integrated payments platform that utilizes the most up to date technology to reduce costs and streamline back-office operations. Its comprehensive system addresses and resolves the payment challenges businesses face, ensuring a stronger, more robust infrastructure that allows companies to focus on growing their business. Qualpay's reporting intelligence and data analytics allow customers to quickly and efficiently manage their payment finances, saving them both time and money. Simply put, Qualpay provides a better way to manage payments. For more information, please visit