How Digital Payments Work and Why They are the Most Secure

When it comes to secure digital payments (such as Apple Pay™, Google Pay™, etc.), you’ve probably heard the term “tokenization.” You know it’s more secure and helps avoid ordering new cards should fraud occur…but like many, you may think it involves some sort of wizardry behind the scenes that mere mortals will never comprehend. While it does involve a more complex process, the concept is nothing new. Below we demystify the process of how digital payment tokens work.


What is Payment Tokenization?

Tokenization simply acts as a substitute for something else. Think about when you go to an arcade and purchase tokens to play games. Outside of that business, the plastic chips or mouse-emblazed coins have zero value. But inside, just TRY prying those tokens from someone’s fist.


During digital payments, a similar transaction happens. Tokenization replaces the primary account number (PAN) with a pseudo number for use in a digital payment transaction. The randomly generated tokenization substitutes customer data with a one-time alphanumeric ID that has no connection to the account’s owner.


In fact, tokenization trumps encryption for security. Why? Because a hacker can reverse an encryption if they know the algorithm behind it. But because tokenization is completely randomized, it is not reversible. In addition, tokens are stored securely by their providers.


How Does a Merchant Process My Tokenization Payment?

Each of the steps below happen in mere split seconds to provide a safe, efficient transaction.

  1. At a merchant point of sale (POS), the customer uses their mobile device with a preloaded payment token.
  2. Using their fingerprint or passcode on their mobile device, the customer authenticates themselves. They also authorize the transaction to the terminal and verify the purchase amount.
  3. The POS terminal transmits the transaction data to the merchant acquirer bank in the form of a token.
  4. The acquirer transmits the token to the card network for authorization.
  5. Once authorized, the customer data stored in the card’s secured virtual vaults gets matched to the customer’s account number.
  6. The bank verifies the funds and either allows or declines the transaction.
  7. A successful authorization allows the merchant to receive a unique token and payment for the transaction.

The entire process happens behind the scenes and neither the customer nor the merchant needs to do any differently.

EMV Chip Cards vs. Tokenization

A few years back, credit card companies began issuing cards with EMV chips (which stands for Europay, Mastercard, and Visa). The chips provided increased security during in-person points of sale through a different transaction process that often required a password. While not foolproof, they provide greater protection against data skimmers when compared to older magnetic stripe information.

The difference between cards with EMV chips and tokenized digital wallets lies in their usage online. Physical cards with EMV chips lose their security when a customer enters their card number online or via phone orders. A digital wallet will continue to use tokenization via online orders and keep generating randomized, irreversible numbers

If you have questions about how tokenization works with you Standard Bank issued card or others, we’re happy to chat. Call our online banking experts at 1-866-856-BANK (2265) or visit one of our locations.


Apple, Apple Pay, App Store, Apple Watch, iPhone, Touch ID and Face ID are registered trademarks of Apple Inc. App Store is a registered service mark of Apple Inc.

Google, Android, Google Pay and other marks are trademarks of Google LLC.