August 31, 2015
Tokenization is the new buzzword of the ecommerce industry—but what does it actually mean and how can it help merchants become more sophisticated at fighting off threats from the ever increasing number of cyber-attacks? Merchants are increasingly using tokenization not only for traditional security features but to also provide additional service benefits for their customers.
Security is top of mind for most banks, retailers and consumers. The very public attacks on major retailers have everyone wondering if there isn’t a better way to secure online transactions from cyber-attacks, and how to store payment information in a safer way for legitimate use.
Many security problems have the same root cause: Attackers got access to raw credit card information from systems owned by merchants or retailers, who saved this data with the legitimate intention to reuse it at a later point. Tokenization eliminates a merchant’s need to store customers’ payment information directly. By storing it on a payment provider’s secure and PCI compliant infrastructure, you never have to transmit sensitive information through your own systems.
So how does it work exactly? Tokenization is the foundation of a data security strategy that works by replacing sensitive data with non-sensitive equivalents, called tokens. These tokens substitute the original data with a unique identifier to keep data safe during both the initial transaction as well as repeat purchases. The payment provider stores the data for you in their secured infrastructure, so you don’t have to. Since the token references the original credit card information using a series of arbitrary values that in no way tie to the original data, it makes the process impossible to reverse engineer.
To a hacker, a token is worthless. But to merchants and consumers, they are priceless. Tokenization helps reduce risk for merchants by eliminating the need to save credit card information on merchant servers. As a result, it has become a popular way for businesses to bolster the security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations. To protect consumers, today’s PCI standards call for vastly complex certification and infrastructure setup for businesses who actually want to store credit card numbers after a transaction. Tokenization minimizes the cost and effort associated with these regulations.
Payment solution providers issue and store the tokens and are responsible for keeping cardholder data secure. Data isn’t sent back and forth, only the tokens that represent the data. Merchants never see the customer’s credit card information, let alone store it. The result is safer online purchases for consumers and lower risk for merchants.
All aboard: Hornby Hobbies and Braintree
Hornby Hobbies, which includes such iconic brands as Hornby, Scalextric, Airfix and Corgi, has established itself as a cornerstone of British culture since patenting its first toy over 70 years ago. The company has grown dramatically over the years, most recently by expanding their retail presence online. Given the nature of their business—new replica models are often announced many months before they are shipped out—an online pre-ordering system was an essential requirement.
After investigating the ecosystem of payment providers, Hornby chose Magento and the Braintree extension as their ecommerce and payment solutions of choice. Braintree’s ability to handle pre-orders without immediately charging customer credit cards was essential to their strategy of managing long term customer relationships. As a result, because pre-ordering left customer orders open until the product shipped, Braintree’s secure tokenization gave Hornby customer service personnel the ability to adjust orders without needing to request customer credit card information. This resulted in a better customer experience and higher conversions. “Ultimately, Braintree helped us improve conversions, decrease our risk of fraud and deliver a better customer experience along the way. We couldn’t have asked for a better partner or a smoother integration,” said Richard Fletcher, Head of Digital Strategy at Hornby Hobbies.
Learn More About Braintree
Braintree, a PayPal company, helps online and mobile businesses around the world accept credit card payments by providing a merchant account, payment gateway, recurring billing and tokenized credit card storage. The Braintree Payments extension connects your Braintree Gateway account with your Magento store, so customers can quickly and easily begin accepting credit card payments.
US SALES: +1.877.511.5036
US SUPPORT: +1.877.434.2894