In Verifi’s recently released 2024 Global Fraud and Payments Report, more than a thousand merchants shared their opinions on e-commerce payment management. Tokenization was one of the key topics, with two-thirds of the businesses reporting that they already use some form of payment tokenization as part of their checkout process. These tokens came from a variety of services – including payment gateways, acquirers, and major card networks – yet the end result was clear: more and more merchants are discovering the value of keeping sensitive cardholder data off their own systems.
Interestingly enough, there were a variety of motives for using card tokenization services. The most popular reasons?
55% – To improve their security and reduce the risk of data exposure during a breach
With tokenization, merchants don’t store credit card numbers, expiration dates, or CVV codes on their own systems. If a hacker were to successfully breach their network, all they would be able to access are unencryptable tokens. Because these tokens wouldn’t have any value for other transactions elsewhere, the impact of the breach would be much smaller.
47% – To improve payment authorization rates
When customers can select a previously used method of payment (as opposed to manually entering their credit card data for each subsequent purchase), they’re less likely to enter the numbers incorrectly. This, in turn, can boost authorization rates for merchants who use a credit card tokenization service.
42% – To foster trust with their customers
With customers paying more attention to cybersecurity (and the reliability of the merchants they trust with their credit card data), tokenization offers an extra level of reassurance that appropriate security measures are in place.
41% – To provide a better customer experience
41% – To provide a better customer experience Up to 70 percent of online shoppers are willing to abandon their carts if the checkout experience is too difficult. Removing the extra step of manually entering credit card data is one simple way to provide a better customer experience, potentially even reducing cart abandonment rates along the way.
40% – To simplify PCI compliance
The more places a merchant’s system touches credit card data, the larger their PCI audit scope. Tokenization is one way to reduce these touchpoints. In some cases, using a credit card tokenization service (along with other scope reduction strategies) can help merchants avoid the long, time-consuming SAQ-D in favor of one of the shorter compliance questionnaires.
38% – To automatically update customer card data throughout the card lifecycle
Expired cards are a common cause of failed payment authorizations. Tokenization services can automatically purge expired cards, preventing you from running a charge on a payment method that’s no longer valid.
31% – To enable card on file payments
As digital wallets become more mainstream, many merchants want to make sure they’re meeting their customers’ expectations for a streamlined checkout. Even if they’re not thinking about the security and authorization rate implications (at least, not initially), the desire to offer card on file payments as a core functionality remains a strong motivator for many merchants to get started with tokenization.
27% – To capture loyalty program-related payments
Some tokenization solutions go beyond standard purchases and refunds, allowing merchants to also issue and redeem loyalty points.
Payment Tokenization Across Small, Mid-Sized, and Large Businesses
Another interesting takeaway: large businesses were more likely to have a card tokenization service in place than small and mid-size businesses. However, tokenization doesn’t have to be a complicated solution for companies with extensive IT resources.
At Curbstone, we make remote tokenization simple. The first time you charge a customer’s card, our software creates a token for you to store instead of the physical cardholder data. From there, you can use that token any time – on any sales channel – to charge the customer’s card on file. Their credit card data doesn’t live on your system, helping you improve your security and reduce your PCI audit scope. And, you own those tokens forever – which means you maintain permanent control over your customers’ data.
Interested in a deeper look at Curbstone’s card tokenization service? Request more information here.
