This blog was originally posted on September 2, 2015 and was last updated on April 5, 2018
The introduction of tokenization into the payments ecosystem caused a shake-up in the processing chain with new actors and systems introduced to manage the lifecycle of the tokens.
One of these additions to the processing chain is the token vault. But what is a token vault, and what is its role within the token management process?
What is payment tokenization?
Payment tokenization describes the process of replacing a primary account number (PAN) with a unique payment token that is restricted in its usage, for example, to a specific device, merchant, transaction type or channel.
This means tokenization can help to secure in-store transactions made via mobile wallets across various differing payment technologies, including NFC, QR Codes or Bluetooth Low Energy (BLE). It also reduces the risk and impact of card-on-file fraud using stored credentials, enhancing the security of in-app and in-aisle payments. It can also be used to enable faster, secure account-to-account transactions, such as salary payments or utility bills.
What is a token vault?
A token vault is a secure centralized server where issued tokens, and the PAN numbers they represent, are stored securely. Security is paramount as the token vault is the only area in which the token can be mapped back to the consumer’s original card details. All token vaults, therefore, must comply with Payment Card Industry (PCI) specifications.
Managing the token vault – who has the combination?
The ongoing operation and maintenance of a token vault is managed by a token service provider (TSP). The TSP is responsible for storing PAN values in the token vault, replacing them with surrogate values to form a payment token and issuing them to token requestors.
Whose vault is it anyway?
Service providers have a choice when it comes to the management of a token vault. They can choose the services offered by the various payment schemes and outsource the management of the token vault. Alternatively, they can insource a solution and take control of the ongoing operation and maintenance of their own token vault themselves.
Managing a token vault
Whether service providers choose to insource or outsource is dependent on individual business models. By managing their own token vault, however, service providers can often reduce the long-term cost and complexity of their tokenization projects.
Whatever avenue service providers choose to go down, in this age of tokenized mobile payments, the token vault plays an integral role in ensuring that the end-user experience is secure and seamless.