TokenEx vs. Payment Processors - Evaluating Tokenization Services

TokenEx vs. Payment Processor Solutions
As the repercussions of payment data theft rise in direct proportion with the alarming frequency of successful attacks, many organizations are seeking additional methods of safeguarding their treasure trove of data. Cloud-based payment tokenization is the only security technique that ensures your sensitive data can never be stolen from your business systems—because there’s nothing to steal. By removing the data—payment, personal, private—from your systems, replacing it with non-sensitive tokens, and storing the real data in an ultra-secure cloud data vault, even when your internal systems are breached, no useful data is available to siphon off to the remote corners of the Internet.

payment tokenizationNow payment service providers (PSPs) have joined the 21st century when it comes to data security. When the PCI DSS endorsed tokenization, some payment processing companies started to incorporate their own proprietary versions of tokenization and data vaulting into their offerings. Huzzah, you say, at long last I have new options on how to safeguard my data. Perhaps, but first be sure to consider all your business requirements.

As a leader in providing a Secure Cloud Payment Tokenization, TokenEx provides an open tokenization platform with economical and flexible services.

  • TokenEx Cloud Security Platform is payment processor agnostic so you can change or add payment vendors as you see fit, whether to negotiate a better processing price, or add backup processing capability.
  • The TokenEx Cloud Security Platform tokenizes and secures all data types, including PCI, PII, NPI, FI, and HIPAA to name a few.
  • TokenEx designed its services from the very beginning as a Cloud Security Platform based on four key technologies—tokenization, encryption, data vaulting, and key management.
  • TokenEx Cloud Security Platform provides solutions to handle your payment data from omni-channel payment streams, adapting to your retail storefront, e-commerce web site, mobile payment apps, and call center virtual terminals with PIN readers.
  • Payment data stored in the TokenEx Cloud Security Platform and the associated tokens are always yours to use as you need, with no conversion strings attached—your data is always your data—and with no additional fees every time you use your tokens.

Payment Service Provider Tokenization Is Not Your Best Option

Now that many PSPs offer a form of tokenization for your business, you need to consider some critical service and support factors.

  • Tokenization is not your PSP’s core business—fast and furious transactions are their profit model, not flexibility or service.
  • PSPs only tokenize payment data, not your other sensitive data—don’t risk mixing tokenization schemes by using multiple vendors.
  • PSPs often resist returning your data to you should you want to change processors—they create stickiness by having control over your data.
  • PSPs have limited capability to adapt to your growing omni-channel payment streams—one-size solutions do not fit all organizations.

From your payment processor’s point of view, your transactions are their business. The more payments they can process and the faster they can move all their customers’ data—not just yours—the more profit they can make. Processors have traditionally resisted adding tokenization because it creates a slight latency in transaction processing—creating, swapping and storing tokens—which goes against their business model. Speed over security is their mantra. Now that PSPs are starting to offer an additional level of security with tokenization, they are keeping it simple to avoid adding overhead and complexity to their systems. This greatly minimizes the flexibility of how they can support your business. For example, they may take your payment data in batch mode, but can’t support tokenization for real-time e-commerce transactions. Or if they can, the costs per transaction—in conjunction with using their tokenization solution—add up very quickly.

Since tokenization and data vaulting are at the core of our business services, the TokenEx Cloud Security Platform is designed for secure and high performance tokenization. The microsecond latency involved in converting PAN to Token to PAN is highly optimized in our systems and has no impact on your payment processing—whether batch, real-time, or even hosted on the TokenEx Platform.

The TokenEx Cloud Security Platform provides the ultimate in flexibility for how you choose to processes your payments, letting you easily move your transaction streams among PSPs to attain lower costs and better service.
Remember that payment data is not the only sensitive information you have that is worth stealing. TokenEx can tokenize your non-payment data as well, vaulting it safely along with your PCI data. When you choose a PSP as your payment tokenization provider, you can end up with multiple tokenization vendors—payment separate from PII—and your data will be stored in different systems and with different tokenized algorithms, thus leading to the possibility of corrupted data. Not something you want to try to untangle.

How a PSP Sees Your Business
The founder and CEO of TokenEx was previously a Chief Information Security Officer (CISO) of a payment service provider, and knows from that experience that your PSP is evaluating your business two ways:

  • How can they keep your transaction processing for at least 27 months—the standard account turnover time.
  • What else can they charge you for—in addition to payment processing fees—to increase their margins.

One benefit PSPs quickly realized with their new tokenization service is that it provides a not-so-subtle way to keep your business longer. PSPs know that payment processing is a commodity, and that you are open to moving to payment processing vendors that provide lower transaction fees as well as better service. By locking your payment data in their systems with proprietary tokenization algorithms, they make your data sticky—so it is difficult for you to move your processing to other vendors.

The TokenEx Cloud Security Platform is designed for secure and high performance tokenization processing. Flexibility is our mantra. Your PSP certainly won’t provide a service such as the TokenEx Transparent Gateway, which enables you to switch among multiple PSPs with very minimal changes to your backend systems. With TokenEx’s Cloud Payment Tokenization Platform, there is no lock-in for retrieving and accessing your own data or changing your choice of payment service providers. Your data is always your data.

Look at the Total Cost of Tokenization
Measuring the cost of tokenization for processing recurring payments for a subscription model business—a streaming music service, for example—is a good way to compare the difference between a typical PSP and TokenEx. For every recurring payment transaction, a PSP typically charges a fee of $.01 to access the token vault. If the subscription business charges each of their two million customers once a month, every month of the year, that “small fee” becomes almost a quarter of a million dollars per year just to access the token vault, on top of the payment processing fee.

TokenEx, has a very different and more affordable model. The cost to create a token and store the PAN is initially a flat fee of $.03. From that point on, there are no additional fees for accessing the tokens to generate payment transactions. The difference is stark. For the same subscription model, the tokenization fee amounts to $60,000 per year for processing two million customers, twelve times a year—one quarter the amount of the PSP’s model.
Focus on Open and Interoperable for Your Tokenization

As with many aspects of technology and security, you have options when it comes to choosing your tokenization partner. Research your needs carefully and keep your focus on openness and interoperability when it comes to choosing payment processors and tokenization. Depend on a partner who focuses on security and integrating security solutions to your environment. TokenEx is committed to: Understanding your environment and which technologies best fit your needs.

  • Integrating a tokenization solution that gets as close to the point of payment data entry as possible to reduce risk and PCI scope.
  • Providing complete flexibility to maneuver between payment service providers so you can do business the way you need.
  • Providing a comprehensive solution to address security, risk, and compliance in one platform.
  • Providing an economical solution for securing your data while saving you on budget that would normally go towards arduous PCI compliance.

Ask Us How Cloud Tokenization Secures Your Business-Critical Information
Our clients depend on TokenEx to provide a complete and customizable tokenization solution for their omni-channel payment streams and PII data. The more you understand about tokenization, PCI compliance, working with payment processors, and the many ways you can protect your sensitive business data, the better decisions you’ll make. Explore this site. Do your research. Then talk with us about how we can help. Call us at 1.877.316.4544 or email us at to set up an appointment to discuss your specific challenges.

Topic(s): payments , data security , HIPAA , PCI DSS , PII , tokenization

Keep Up With Our PCI & Privacy Blog