Guides
Start typing to search…

Network tokenization

Network tokenization (also called scheme tokenization) is a card network feature where the customer’s primary account number (PAN) is replaced with a network-managed token. The token travels over the standard card rails, and the card network maps it back to the underlying PAN and attaches additional per-transaction security data for the issuer.

Where it applies

Network tokenization is used for:

  • Card-on-file payments
  • Recurring payments
  • Digital wallets such as Apple Pay and Google Pay, which already use network tokens under the hood

It is not used for true one-off transactions where card details are never stored. (e.g. purchase, pre-authorization)

How it works at finby

  • finby acts as the token requester and manages network tokens in the back end.
  • You do not handle network tokens or PANs directly.
  • You store only the customer or payment method identifiers that we return in the response, depending on your integration.
  • On each charge, finby submits the network token to the card network. Routing, authorization, clearing, and settlement remain unchanged from your perspective.
  • If network tokenization is not available for a given card or region, finby falls back to using the PAN while keeping the rest of the flow the same.

In practice, this means:

  • Your integration does not change when network tokenization is enabled.
  • Reporting, reconciliation, and chargeback handling remain the same; you still see masked card details and transaction references in the usual way.

Your benefits

  • Automatic enablement: Network tokenization is automatically enabled for Embedded fields and Popup integrations. You do not need additional setup.
  • Higher approval rates: Issuers receive fresher card data and richer security signals (such as token cryptograms and token assurance data), which can reduce false declines on legitimate transactions.
  • Reduced card-not-present fraud: Tokens are restricted in how and where they can be used, which reduces the risk of stolen card data being used successfully.
  • Fewer credential updates: Network tokens are managed by the card network. When a card is reissued or renewed, finby receives a notification from the card schemes, which reduces payment failures caused by expired card credentials.
  • Lower exposure to card data: Because you never handle PANs or network tokens directly, your exposure to sensitive card data is reduced, which can make compliance and security controls easier to manage.

Updated 26 days ago