Tokenization is a technology used to protect sensitive data by replacing them with a unique combination of letters and/or numbers. This combination contains sufficient information to recover the original data in a protected environment. Thus it is possible to grant only authorised users access to these sensitive data. When these are moreover unique per account, obtaining the token will not be sufficient to use it for other accounts.
Tokenization use at Buckaroo
At Buckaroo, Tokenization can be used for payment methods that support recurring payments, such as:
- Credit Cards
- e-Mandate, followed up with SEPA Direct Debit
- iDEAL, followed up with SEPA Direct Debit
- SEPA Direct Debit authorize
The solution to be able to support this is based on a token, also called a key:
- The payer makes a payment in the secured environment of the issuer (bank or credit card company)
- The issuer shares the payment data with Buckaroo
- Buckaroo shares a token, which is a reference to the payment data, with the Merchant
- Based on the Bukaroo token, future new payments can be performed by the Merchant with the original payment method
Advantage: The privacy sensitive payment/bank data are stored by Buckaroo in its secure environment. This environment is checked by supervisors on numerous factors. The storage location of the payment data sends the Merchant a token in the push.
Example explanation of use: When the Merchant has executed a successful iDEAL transaction, this Merchant can execute a SEPA Direct Debit at a later stage based on the following message: “Perform SEPA Direct Debit using the following payment data: the token of the original iDEAL payment”.
Note with regard to token theft: Token theft by criminals is pointless. The Merchant can only use the tokens by means of the encrypted log-in method. The Merchant can also provide the customers insight in the stored data by using the token to retrieve payment data. This applies to all payment methods that support recurring payments.
Important: The payment can be reversed by the owner of the card or the bank account number, because the payer is not involved in the recurring payment. The Merchant can dispute this by submitting the administration of the services provided. The payment can also be protected with Buckaroo Credit Management.