Tokenization gives your business the ability to process payments in a fast and convenient way without the need for your server to receive, manipulate, or store sensitive payment card data.
Thanks to tokens you can rely on Amazon Payment Services to handle sensitive payment card data, reducing your compliance obligations.
Tokens also enable you to offer your customers convenience options including a faster checkout experience and the effortless processing of recurring payments.
What is tokenization?
Tokenization involves generating a unique ID, called a token, to represent a set of sensitive data -- such as payment card details. By using tokens, the parties involved in a transaction can complete the transaction without exchanging sensitive data at each step.
In other words, tokenization means that, in your transaction workflow with Amazon Payment Services, you do not need to receive, store, or exchange sensitive payment card data. Instead, you process a payment by handling the token that refers to the underlying payment card.
Why use tokenization?
When you use tokenization, you remove the need to capture and store confidential financial data on your server. You can manipulate transactions using the token: you do not need to handle the underlying payment card data.
The Amazon Payment Services tokenization feature enables you to complete a transaction without ever handling or storing your customer's sensitive payment card data on your server.
Tokenization also aids future transactions. For example, thanks to tokenization customers that wish to do so can check out and pay by just confirming their card security code -- they do not need to re-enter their complete card details for every transaction.
If your customer gives us their permission, we store your customer's card details and you subsequently refer to the stored card details using a token.
Advantages of tokenization
Tokenization has the following advantages:
Integration. Tokens facilitate direct payment processing integration -- our standard and custom merchant payment page integration routes, for example, integrates directly into your website thanks to tokenization.
Compliance and security. Tokenization reduces your compliance and security burden because you do not need to store sensitive card data. Read more about PCI compliance here.
Customer experience. You can offer your customers a better user experience because your customers do not need to constantly re-enter their full payment card data. It removes the need to locate a physical card when paying, and reduces the friction involved in accidentally entering erroneous card details.
Recurring payments. Tokens facilitate recurring payments which would otherwise be difficult in practice if customers had to continuously confirm their payment card data.
Note that for some integration routes tokenization is integral to the process, but tokenization does not necessarily mean that your customer's card details are retained. Your customer's card details are only stored for future use if you use tokenization to retain your customer's card details and if your customer agrees that you do so.
What is a token?
Throughout our discussion about tokenization we will frequently refer to tokens. A token is a unique identifier, often a randomly generated string of text, that is used to refer to an underlying set of data. In the context of payment processing, a token is used to refer to payment card data -- including the long card number, the expiry date, and the name on the card.
When your server needs to transact using a customer's payment card data it sends the token ID to Amazon Payment Services. In turn, the Amazon Payment Services server looks up the card details associated with the token ID and processes the transaction using the tokenized card details.
The transaction result is passed back to your server, alongside the token ID. Your server uses the token ID to identify which transaction the results refer to.
What does Safe (Tokenization) do?
Many transactions through Amazon Payment Services will require the generation of a token. For example, our standard merchant page integration route generates a token that facilitates the transaction. In doing so we ensure that your website and server are never required to handle sensitive payment card data.
An optional, but recommended, use of tokenization is where you give your customer the option for their payment card details to be retained. When your customer returns to your website they only need to complete the 3-digit card security code to complete the transaction.
Note that saving card details through tokenization is required for certain types of transactions, including recurring billing. Consider subscription payments, for example, where you cannot rely on your customer re-entering their payment card details for every subscription payment.
As stated above, some integration routes and transactions will automatically involve tokenization simply by virtue of executing a transaction.
Where that is the case tokens are created automatically as part of the transaction flow. In other words, you create a token through the processing of a standard e-commerce transaction. This would be the normal process in our standard or custom merchant integration routes, for example.
However, under some circumstances, you may want to manipulate tokens more deliberately. For example, you may want to simply create a token without executing a transaction. To store a customer's card details for future charges, for example. Or, you may want to allow your customer to update their card details stored with Amazon Payment Services
You can read more about handling tokens on the create token page and on the update token page.
Go to the full API reference
We've given you an overview of how tokenization works. Our API reference contains important details and developers should review the full API reference for complete instructions on how to create, use, and manipulate tokens -- including relevant endpoints.
Need further help?
If you get stuck feel free to get in touch with the Amazon Payment Services team. Just message our support team at email@example.com.