Guides
Start typing to search…

Network tokenization

Network tokenization (also called scheme tokenization) is a card network feature where the customer’s primary account number (PAN) is replaced with a network-managed token. The token travels over the standard card rails, and the card network maps it back to the underlying PAN and attaches additional per-transaction security data for the issuer.

Where it applies

Network tokenization is used for:

  • Card-on-file payments
  • Recurring payments
  • Digital wallets such as Apple Pay and Google Pay, which already use network tokens under the hood

It is not used for true one-off transactions where card details are never stored. (e.g. purchase, pre-authorization)

How it works at finby

  • finby acts as the token requester and manages network tokens in the back end.
  • You do not handle network tokens or PANs directly.
  • You store only the customer or payment method identifiers that we return in the response, depending on your integration.
  • On each charge, finby submits the network token to the card network. Routing, authorization, clearing, and settlement remain unchanged from your perspective.
  • If network tokenization is not available for a given card or region, finby falls back to using the PAN while keeping the rest of the flow the same.

In practice, this means:

  • Your integration does not change when network tokenization is enabled.
  • Reporting, reconciliation, and chargeback handling remain the same; you still see masked card details and transaction references in the usual way.

Your benefits

  • Automatic enablement: Network tokenization is automatically enabled for Embedded fields and Popup integrations. You do not need additional setup.
  • Higher approval rates: Issuers receive fresher card data and richer security signals (such as token cryptograms and token assurance data), which can reduce false declines on legitimate transactions.
  • Reduced card-not-present fraud: Tokens are restricted in how and where they can be used, which reduces the risk of stolen card data being used successfully.
  • Fewer credential updates: Network tokens are managed by the card network. When a card is reissued or renewed, finby receives a notification from the card schemes, which reduces payment failures caused by expired card credentials.
  • Lower exposure to card data: Because you never handle PANs or network tokens directly, your exposure to sensitive card data is reduced, which can make compliance and security controls easier to manage.

Updated 5 days ago