What is payments tokenization?
Tokenisation is a tool that offers a unique opportunity to tokenise a variety of things. Traditionally, the exchange of money to facilitate payment was heavily dependent on the physical exchange of items from gold, salt, cowrie shells, and ivory to present-day notes and coins.
The digitalisation of payments opened the door to myriads of digital payment tools, systems and services. A critical issue in the digitisation of currencies is cybersecurity as attacks may be launched on digital financial data.
Tokenisation provides a solution as it obfuscates the identity of such payment transactions. Historically, tokens were used as a substitute for actual coins or banknotes; for example, bus tokens or casino tokens served as a replacement for actual money.
Today this type of physical tokenisation has taken a digital form where token serves as surrogate for digital assets. In 2001, TrustCommerce was credited with the concept of tokenisation in the quest to protect card payments.
Tokenisation can be described as a process whereby a piece of sensitive data, such as a credit card number, is replaced by a surrogate value known as a token, a unique and nonsensitive string of symbols randomly generated by an algorithm that is devoid of inherent meaning or exploitable value.
For example, tokenisation replaces the 16-digit number found on a credit or debit card (PAN) with a digital token, ensuring that consumers’ underlying account details are not readable and unusable by anyone except by authorised persons.
In a recent report, McKinsey estimates that tokenised market capitalisation could reach around US$2 trillion by 2030, excluding cryptocurrencies and stablecoins. (www.mckinsey.com/industries/financial-services/our-insights/from-ripples-to-waves-the-transformational-power-of-tokenizing-assets)
Types of tokens
There are several classifications for tokens based on their relationship to the real-world asset they symbolise. Three main types of tokens stand out; asset or security, utility currency or payment and tokens whose sole purpose is to serve as a digital means of payment. Tokenisation and encryption are two types of cryptographic methods that serve as data security tools.
Whereas tokenisation does not change the data type or length being protected, encryption does change length and data type using a key; hence, encryption is unreadable unless one has the “key”. On the other hand, tokenisation does not use a key; instead, it relies on non-decryptable information to represent secret data. Though users may use tokenisation and encryption in tandem, encryption is growing in popularity since it offers a more cost-effective and secure option.
For instance, blockchain, which is a decentralised ledger spread across a distributed network, uses tokenisation to digitally represent its inherent assets such as art, financial assets like bonds or equities, intellectual property and non-fungible tokens (NFTs). Tokenisation is used in developing a smart contract, which is an application that automatically executes when certain conditions are met.
AI models also rely on tokenisation to break down data in a manner that will make pattern detection easy. For large Language Models (LLM) to work, it extracts text into tokens, and each token is mapped to a unique numerical identifier, which makes it easy for the AI model to learn relationships based on patterns facilitated by tokens.
How does tokenisation work?
A token can be created in various ways, such as using a mathematically reversible cryptographic function with a key, a non-reversible function (hash function) and an index function that is a randomly generated number. There are four key processes in tokenisation, namely:
- Token generation (sensitive information like credit card number is converted into a string of random characters(tokens)
- Tokens used to make payments in place of actual payment information, such as a credit card number.
- Token mapping, where the token is mapped to the original data to facilitate transactions
- Upon completion of a transaction, the token can be destroyed or kept for ongoing processes such as recurring payments.
For example, if a customer makes a payment online instead of credit card details, a randomly generated token is transmitted for verification. In terms of Payment card industry (PCI) standards, retailers cannot store credit card numbers on POS terminals or in their databases after customer transactions; therefore, to be PCI compliant, such retailers can rely on tokenisation service providers.
Tokenisation comes with many benefits, such as making it harder for hackers to crack a payment system, faster transaction settlement, being a less resource-intensive process than encryption, enhancing payment security, making payments more convenient, reducing operational cost, reducing the complexity of compliance, reducing data security breaches and supporting more nimble infrastructure.
Tokenisation’s varied applications make it a critical tool today, and its relevance is growing since it is linked to the future of money.
In conclusion, digital payments come with several challenges. One ever-present one is securing such digital payments. Payment tokenisation offers a solution to secure payments, leading to trust and confidence in digital payments, which is firmly entrenched in our modern society.
>>>the writer is a Technology Innovations Consultant. He can be reached via kwami@mangokope.com