Tokenisation – An Introduction

If you are unfamiliar with some of the terminology used when talking about ecommerce and secure payments, you may be wondering what tokenisation refers to. In this post we will be exploring what it is and the benefits it can bring to your ecommerce site..

Tokenisation is the process in which sensitive information is replaced with a randomly generated unique token or symbol.

The Benefits Of Tokenisation

By replacing sensitive data, specifically customer’s card details, with a token (or reference number) it can then be securely stored and transmitted to your payment service provider. This increases the security of credit card and ecommerce payments, and crucially reduces the amount of data a business needs to retain.

PCI Compliance

If your business accepts debit or credit card payments you must comply with The Payment Card Industry Data Security Standard (PCI DSS); keeping your customer’s data safe. An important element of compliance is that you do not store cardholder data unless you need it, which presents particular issues for retailers.

Tokenisation reduces the extent of systems for which you must demonstrate PCI DSS, making it easier to comply and reducing costs. It is estimated that by using tokenisation you can cut your PCI compliance bill by more than 50%.*

Furthermore, it dramatically reduces the likelihood of a credit card breach if a retailer is compromised. The token itself has no value to a criminal as it contains no actual data; something you don’t have cannot be stolen! Instead it removes sensitive data out of your business and into your payment service provider’s PCI compliant hosting environment. An added benefit is that should a retailer be compromised there is no need for a replacement card to be issued.

Tokenisation and Customer Experience

If you want to provide a seamless payment experience for your customers the ability to store card details is advantageous; ensuring that customers do not have to enter their information every time they wish to make a payment. With tokenisation the retailer retains the token, not the card data, allowing returning customers to make further purchases without having to enter the card details again.

This is a significant benefit to retailers as well as their customers. Providing a “single-click payment” option improves customer’s experience and increases conversion rates. The token system (or single-click payment) allows repeat customers to checkout quickly and easily; as a result the merchant receives a boost in conversion rates, and a reduction in abandoned shopping baskets.

As well as improving your loyal customer’s purchasing experience, tokenisation also improves efficiency when managing refunds. Instead of requiring the customer to provide their card details for a refund to be made, the retailer can do so using the token; minimising any inconvenience to the customer, and processing the order quickly.


As with all technologies there can be some disadvantages. In the case of tokenisation speed can be a concern for some high volume sites. However in most cases this is negligible.

Data analysis can also be an issue as the process of tokenisation prevents users from seeing the data entered. However, it may not be necessary to tokenise all details. For example retaining a postcode, town /city or county will allow you to do some geographical analysis without compromising your customer’s privacy.

Additionally, the sign up or registration process to make a card payment could include fields specifically for market research purposes and, provided they comply with PCI, will not need to be tokenised.

Mobile Payments and Tokenisation

Finally, tokenisation technology can also make mobile payments more secure and convenient: a unique token can be created when consumers use their mobile phones for contactless payment. Should a mobile be lost or stolen the token can be easily and quickly disabled. Tokens can also be unique to different kind of payment methods from the same card. For example, a token created for mobile contactless payments, cannot not be used for online purchases.

We will be looking at tokenisation in more depth over the next few weeks.

Data protection and security are important issues for your customers. While you may be PCI compliant your customers may not know what this means or how it affects them. However they may trust an ecommerce security logo, even if it is homemade! In this blog we looked at research into The Value Of Trust Badges, you might like to have a look too.

* Card Store and Tokenisation