Explained: How Visa’s tokenisation works

Font Size:

It seems as if each time a new payment technology is introduced, consumer funds are laid open to greater risk of cyber theft.

Since the emergence of online shopping, payWave and other ways to make purchasing more convenient, many consumers have lost total control of their accounts, thanks to scammers and hackers.

Each year, the Reserve Bank of Australia sounds a warning that, at more than $400 million a year, the cost of online credit card fraud is too high.

Visa has recently heeded the call to beef up credit card security by devising ‘tokenisation’.

Formally known as the Visa Token Service (VTS), it enables payments to be processed without merchant systems having to access or store customers’ account numbers.

Essentially, VTS claims to add another layer of security to your transactions so hackers can’t easily pinch your banking details.

“The existing SWIFT infrastructure has been shown to have many risks, and a move towards tokenisation will reduce these risks, as there are enhanced security and auditing methods applied to each transaction,” Edinburgh Napier University computing professor Bill Buchanan told web security journal The Daily Swig.

With VTS, customer card details, such as account numbers and expiry dates, are replaced with tokens – unique digital identifiers that are not stored each time a consumer makes a purchase.

The payment system can be used to shop instore, online and from a mobile phone app.

American Express is also understood to be rolling the technology out soon, with Mastercard announcing it will also set up a tokenisation program by mid-next year, with the aim of enabling the technology on all cards by 2020.

This is how Visa tokens are created:

  • a consumer enrols their Visa account with a digital payment service (such as an online retailer or mobile wallet) by entering their primary account number (PAN), security code and other payment account information
  • the digital payment service provider requests a payment token from Visa for the enrolled account
  • Visa shares the token request with the account issuer (such as the consumer’s bank)
  • Visa shares the token with the token request for online and mobile (NFC) payment use
  • and, with the account issuer’s approval, Visa replaces the consumer’s PAN with a unique digital identifier – the token.

Once a customer initiates a payment online, instore or through the app, the digital payment service provider (e-wallet, eCommerce merchant or app) passes the token to the merchant.

The merchant sends the token to Visa’s network to begin processing the transaction. The token along with the payment card details are then sent to the card issuer for authorisation.

The issuer either accepts or declines the transaction and communicates this to Visa. If the token is accepted, the merchant’s bank receives the payment.

Payment tokens can be limited to a specific mobile device, eCommerce merchant or a limited number of purchases before expiring.

Do you have faith that this new payment system will keep your details more secure? Or do you think it will create more avenues for hackers? Have you ever been defrauded of funds from your credit card? If so, what happened?

Join YourLifeChoices today
and get this free eBook!

By joining YourLifeChoices you consent that you have read and agree to our Terms & Conditions and Privacy Policy


What to do if your bank statement reveals a dodgy deal

What to do if you believe you have been targeted.

The top three online scams you need to be cautious about

The ACCC has revealed its list of tricks most likely to catch unwary Aussies.

Scam puts smartphone users at risk

Scam risk for 95 per cent of Android users.

Written by Olga Galacho


Total Comments: 5
  1. 0

    Yes, my credit card was used without it ever leaving my purse. Somehow they got the number and made a purchase overseas. The bank alerted me and issued me with a new card and refund. I always use PayPal for internet purchases, so have no need for this technology esp. as I don’t fully understand it.

    • 0

      Similar story, obtained number somehow, bought items online but bank called me before I knew (within an hour) – refund made three days later and new card in my hand on the fourth day. Great service and I still use my credit card everyday knowing that the bank will back me 100%.

      The banks are keen for us to use these cards so make sure that when something does go wrong they fix it fast.

      In dollar value frauds on credit cards for 2017 were 0.074%, an extremely small percentage. In terms of transaction numbers 0.037% were frauds, again an extremely small number.

    • 0

      Same here, my credit card was hacked, my bank rang me up, cancelled my card and issued me with a new one. I also got the purchases made refunded – thank goodness. I always use Paypal online, but this time I made a donation to Greenpeace of $20 and bingo. I hardly use the damn thing and only have it for emergencies. The above sounds too complicated for me, I will stick with Paypal and no Credit card on the internet.

  2. 0

    I have one special card with only a little money in for on line purchases

  3. 0

    Sounds more like a “big brother” idea than a “security” idea to me. Yes I have had details of my credit card fall in to the wrong hands – decades ago. Funds returned by provider but did take a few months at that time. Have used Paypal ever since and see nothing wrong with this solution.



continue reading


US still reels from the deadly consequences of 'alternative facts'

Jennifer S. Hunt, Australian National University Every four years on January 20, the US exercises a key tenet of democratic...


Tennis stars call Australian Open quarantine 'insane' and like prison

Entitled, pampered, whingers. Elite sports professionals victims of the greatest overreaction to COVID-19 in the world. Those are the poles...

Finance News

RBA reveals why retirees have to bear the brunt of low interest rates

The Reserve Bank of Australia (RBA) knows that the negative consequences of low interest rates disproportionately affect retirees, but believes...


Blood pressure medication helps even the frailest seniors live longer

Taking blood pressure medication as prescribed helps seniors aged 65 and over people live longer. And the healthiest older people...

Estate planning & wills

Common mistakes when writing your will

It can be daunting and even overwhelming at times, but writing your will is an essential part of planning for...


Jamie Oliver’s Simple Sausage Pasta Bake

The beauty of this dish is that you can double the ingredients and make enough to freeze leftovers. It’s perfect...

Food and Recipes

Silky Vegan Chocolate Mousse

You may be sceptical about using tofu in a dessert, but I think you'll be pleasantly surprised. This silky chocolate...


What is deep sleep and how can you get more of it?

You may have heard that adults need between seven and nine hours of sleep each night. But the quality of...