Protecting sensitive data and providing a positive customer experience is of paramount importance to payment issuers, processors and merchants alike. Payment tokenization – the replacement of card numbers with a unique, randomly generated string of numbers during a transaction – has offered an effective way to achieve this objective since the early 2000s. However, with the continued growth in digital payments, the demand for tokenization has become pervasive. Further, modernization of tech stacks and greater availability of enabling tools has expanded the opportunity to accelerate tokenization.

Rise in Use Cases

Especially in developing markets, new online payments such as utility or tax bills, transport tickets and tolls, or ecommerce marketplace purchases are now ripe for tokenization.1 Its use-cases have also grown, including in-app purchases, recurring billing, and click / tap-to-pay. Issuers stand to gain by ensuring their products are flexible enough to serve these new use-cases.

• In-app Purchases: Embedded payments within apps without having customers to leave the app
• Click to Pay: Seamless payments with a click without having to enter any details manually
• Recurring Billing: Regular payments for products, from subscriptions to incremental payment plans
• Tap to Pay: Secure contactless payments made via cards, phones, watches and other devices

Global Markets Coming Online

In recent years, payments technology has expanded significantly worldwide, due in large part to cell phone affordability, increased internet security and speed, and greater access to formal financial services.6 Digital wallets will have over 5.3 billion users by 2026 – more than half the world’s population.7 The fastest-growing regions for mobile wallet expansion are Southeast Asia, Africa, and the Middle East, exemplifying the global nature of such growth8.

A Modern Tech Stack

While tokenization technology has existed since the early 2000s, today it requires complex and intricate infrastructure.9 Issuers or merchants offering tokenized payments may choose to either implement their own systems or utilize a third-party Tokenization Service Provider (TSP).10  Recent technological advancements have largely been driven by TSPs, which offer white-glove service to issuers and their merchants in enabling their cards for tokenization. However, issuers should ensure that the TSP can handle the technological complexities in Exhibit 2 before partnering with them.

Payment tokenization is the replacement of Primary Account Numbers (PAN) with a unique, randomly generated string of numbers or characters during a transaction. It involves several parties approving token requests, making the tokens interoperable and protecting the PAN across more points across the payment ecosystem. The card network (or its partner) serves as the token service provider, issuing tokens to the requestor, such as a digital wallet or merchant, with approval from the card issuer. The transaction journey is illustrated in Exhibit 3. Some of the key benefits are outlined in Exhibit 4.

The enablement journey varies across Issuers and their TSPs. Enablement can take up to several months and continues to be a hurdle in onboarding new merchants. Key reasons for the prolonged timeline are highlighted in Exhibit 5.

1. REQUIREMENTS CAPTURE & VALIDATION

1.1 Incomplete Requirements: Enablement touches several teams which may operate differently. Different teams within the issuer’s organization may have varied, and sometimes informal, approaches to defining requirements. This lack of standardization, combined with the interdependency of activities, leads to incomplete requirement capture. Consequently, this results in significant issues during testing, necessitating revisits to requirements which delay the entire program.

1.2 BINs Identification: Issuers must define BIN ranges for each token product so that they don’t overlap with each other. These ranges are identified based on the merchant setup with the Issuer. This process becomes complex when dealing with mergers and acquisitions or when a single merchant engages with multiple TSPs for different tokenization products. The lack of proper documentation and subject matter expert (SME) support often prolongs BIN discovery.

1.3 Limited Collaboration: Despite the availability of robust collaborative tools, Issuers underutilize these for shared workflows with TSPs. For example, during project kickoffs, information sharing is often handled via email, leading to a disorganized inventory of assets and excessive back-and-forth between the teams.

2. CONFIGURATION & TSP ENROLLMENT

2.1 High-Touch Platforms: Large Issuers continue to rely on legacy applications for building provisioning and credit risk rules. These applications require manual data reconciliation which is inefficient. Manual data entry also makes the configuration more prone to issues during testing, causing teams to redo the configurations.

2.2 Lack of Standardization: Merchants may have unique rules for token provisioning and authorization. This idiosyncrasy, coupled with outdated applications, forces teams to write specific codes for each merchant, which is both time-consuming and inefficient. The absence of standardized merchant settings by the issuer also stretches the configuration process.

2.3 Prioritization Issues: Issuers are usually working on several token enablement projects across merchants with a TSP at any given point in time. In the absence of a clear prioritization criteria, teams juggle multiple token enablement projects simultaneously. This slows down the momentum across all projects.

3. TESTING & GO-LIVE

3.1 Capability Gaps: Issuers rely on TSPs for testing due to lack of testing tools in-house. Specialized simulator tools are needed to test various authorization transactions (e.g., in-store, e-commerce, card on file) and require continuous investment. Since TSPs are unable to test in the production region, any production-related issues remain unnoticed until post go-live.

3.2 Siloed Resolution: Issuers who are seen triaging testing issues without adequate support from the TSP take longer to find a resolution and remediate it. Lack of accountability is another reason why issue resolutions takes forever.

3.3 Merchant Dependency: Despite Issuer and TSP completing their testing, projects cannot go live without the merchant also signing off on their test results and providing the necessary approvals. Merchant-led project delays due to resource constraints, competing projects, or mid-project de-prioritization stalls the program without clear next steps.

All told, successful implementation of the portfolio of initiatives discussed subsequently can lead to a 30 – 40% reduction in the time taken for an issuer to onboard a new merchant to a tokenization product. However, it is important for issuers to prioritize initiatives based on investment required and impact on the overall onboarding timeline. To accomplish this, we suggest starting with the non-tech opportunities – and making more significant investments in technological advancements once initial benefits have been realized.

Typical opportunities for accelerated enablement include:

1. RESOURCING & TRAINING

Some of the most apparent yet rarely well-executed initiatives require building a structured, cohesive, and well-trained enablement team. By including team members across tokenization-related functions (e.g., credit risk, product, implementation) and training them on onboarding-related tasks relevant to those functions, issuers can ensure they are efficiently deploying resources to meet the needs of customers while making little financial investment. Often, attempts at such teams lack the necessary cross-functional coverage required to manage growing complexities in risk management and product design.

2. PROCEDURES

Procedure-related initiatives are generally low-cost while yielding modest reductions on enablement timelines. These initiatives relate to procedures involving various players in tokenization onboarding (e.g., TSP, merchants, wallet-providers), as the interactions between the numerous parties often require significant back-and-forth and can cause major delays. These initiatives aim to help issuers front-load lengthy workflows, improve communication and planning with other parties, eliminate inter-team dependencies, and overall standardize the tokenization enablement process for a smooth, stream-lined experience

3. TOOLS & TECHNOLOGY

Tech-related opportunities have grown, primarily due to modernization of the underlying tech stack and greater availability of supporting tools. These opportunities generally require more significant investment of resources. These initiatives include automation (e.g., enrollment workflows), enhancing testing effectiveness and efficiency through modern testing frameworks, and more sophisticated collaboration and reporting tools. A comprehensive comparison between legacy and modern payments tokenization technology can be found in Exhibit 6.

Ensuring that you have the right platform can significantly impact overall costs and value. Organizations should evaluate platforms across:

1. DEFINING SUCCESS

Start by identifying clear goals and business outcomes the SaaS solution needs to support, ensuring you understand both current pain points and future requirements. Are you aiming to boost efficiency, reduce costs, or improve customer satisfaction? Articulate these objectives and make them specific and measurable. Perform a comprehensive needs assessment to determine which features and functionalities are essential, and whether the platform should serve customer-facing or internal users. Aligning these requirements with your strategic goals ensures the platform not only addresses immediate needs but also supports long-term business direction and scalability.

2. PLATFORM CAPABILITIES AND FLEXIBILITY

Assess how well the platform can handle growth and accommodate increasing data volumes. Also, ensure a vendor-agnostic front-end to reduce dependency on a single vendor. Consider usability to ensure ease of adoption and evaluate the platform’s training and onboarding support. Moreover, seamless integration with existing systems and robust analytics capabilities are non-negotiables, especially for gaining actionable insights.

3. SECURITY & COMPLIANCE: SAFEGUARDING YOUR BUSINESS

In today’s digital landscape, security and compliance are more than just checkboxes—they are essential to maintaining trust and protecting your business. Scrutinize the platform’s encryption standards and data protection measures. Ensure the platform complies with relevant industry regulations, safeguarding your organization from legal risks and enhancing your reputation for reliability and responsibility.

4. PRICING: VALUE BEYOND COST

A clear understanding of the platform’s pricing structure is critical to avoid unexpected expenses and ensure a good return on investment. Analyze the cost-effectiveness of subscription fees, pay-per-use options, and any hidden costs. Consider both initial implementation expenses and ongoing maintenance and support costs. A thorough evaluation of the total cost of ownership, alongside expected benefits, will help justify the investment and support long-term financial planning.

5. SUPPORT: BUILDING A RELIABLE PARTNERSHIP

A robust support system is crucial for smooth operation and maximizing the platform’s potential. Evaluate the available support channels and the vendor’s responsiveness to issues and queries. High-quality training resources and comprehensive documentation are vital for empowering users and ensuring quick adoption. Assess the platform’s uptime guarantees and disaster recovery mechanisms to ensure continuous operation and business resilience.

Opportunities, use cases, and overall volume for tokenized payments continue to grow rapidly; and yet, many issuers continue to rely on outdated technology, inefficient processes, and unfit resources. To match the pace of change in digitization, issuers, merchants, TSPs, and other players must work together to overhaul the cross-organizational tokenization experience and expedite time-to-market.

While low-cost process and people-related improvements can shorten the enablement timeline, issuers can also spearhead tokenization innovation by implementing collaboration-based tools, new system designs, automated testing and validation etc. Bolstering the business case for these changes against competing initiatives can help spur the needed investment.

At Kepler Cannon, we specialize in helping organizations align their payments tokenization products and strategies with the needs of the current market. We offer tailored approaches to assist in evaluating current systems and processes, identifying and prioritizing acceleration initiatives, and building business cases for further investment in tokenization technologies. Whether creating a new token product for existing customers or expanding to a previously untapped market, streamlining processes for efficiency and security will help enterprises prepare themselves for the future of payments tokenization.