Tokenization
Replacing sensitive credentials with cryptographic surrogates.
Overview
Tokenization replaces sensitive account data - most commonly the PAN - with a non-sensitive surrogate value that can only be used in a specified context. Network tokens issued by Visa and Mastercard bind a token to a device, channel, or merchant, sharply reducing the value of stolen data.
The pattern is now expanding to deposits and securities, where tokenized bank deposits offer programmable, atomic settlement on shared ledgers - a key building block for the next generation of capital markets infrastructure.
Key concepts
Network tokens
Card-scheme-issued tokens that replace the PAN at the merchant, with lifecycle managed by the network.
Merchant-of-record tokens
Vault-based tokens issued by gateways and PSPs for internal use.
Tokenized deposits
Commercial bank deposits represented on a shared ledger for atomic settlement.
PCI scope reduction
Tokenization removes the PAN from the merchant environment, shrinking PCI-DSS scope and audit cost.
Sub-topics in this cluster
- Network tokens
Visa Token Service and Mastercard Digital Enablement Service.
- Tokenized deposits
Programmable commercial bank money on shared ledgers.
- Vaulting
PSP and gateway vault patterns.
- Lifecycle management
Token suspension, rotation, and credential updater.
Frequently asked
What is the difference between a network token and a vault token?+
A network token is issued and managed by the card scheme and is portable across acquirers; a vault token is issued by a gateway or PSP for its own internal use.
Does tokenization eliminate PCI scope?+
It significantly reduces it. The merchant no longer stores PANs, but other controls around the integration still apply.
Sources & References
- Visa - Visa Economic Empowerment Institute
- Mastercard - Newsroom & Research
- Stripe - Stripe Guides
- Bank for International Settlements - Payments, Clearing & Settlement
External references are cited for context and discovery. CashlessTechnology.com is not affiliated with the listed organizations unless explicitly stated.
Continue reading
Related across the knowledge graph
Cross-collection links surfaced by semantic relevance.
- How It WorksRead →
How Payment Tokenization Works
Replacing the PAN with a device- or domain-bound surrogate.
- GuideRead →
Understanding Network Tokenization
A grounded explainer of how scheme-issued tokens work, why they matter, and what merchants need to do to benefit.
- How It WorksRead →
How PCI DSS Works
The payment card industry's data security standard, demystified.
- GlossaryRead →
Vault
A secure store of tokenized payment credentials managed by a gateway or PSP.
- GlossaryRead →
Network Tokenization
Replacement of the PAN with a scheme-issued token bound to a specific device, channel, or merchant.
- TopicRead →
Digital Wallets
From Apple Pay to super apps: how tokenized credentials replaced the plastic card.
- TopicRead →
Payment Security
PCI, 3-D Secure, network tokens, and the modern defense-in-depth stack.
- GlossaryRead →
Chargeback
A consumer-initiated reversal of a card transaction processed through the network's dispute mechanism.