Card-on-File Tokenization
Enhanced Protection for Online Payments
Overview
Card-on-File Tokenization(CoFT) from American Express helps secure Cardmembers’ payment credentials when they save their information online for future purchases or recurring payments by replacing the Card’s Primary Account Number (PAN) with payment token, a series of randomly generated numbers.
Payment tokens can be restricted to a specific Merchant through use of domain controls, which helps prevent its unauthorized use in the event of a data breach. Payment tokens allow Cardmembers to have a seamless payment journey and Merchants to experience revenue continuity even when a Card is replaced as CoFT enables Card information associated with the payment token to be always updated without any manual input from the Cardmember. In contrast to security or acquirer tokens, payment tokens can be used to process transactions. Using payment tokens in transactions helps increase Card Issuer’s confidence in authorizing transactions.
CoFT utilizes American Express Token Service (AETS) for provisioning and managing the lifecycle of tokens. Through its foundational platform, AETS enables Merchants, Service Providers, Technology Partners, Acquirers, and Issuers to enhance security of the digital payment environment for their customers. Our Token Services are aligned to the EMVCo* industry standards.
* EMVCo is the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes.
Benefits
Improve Authorization Rate
Use of domain controls for payment tokens can give Card Issuers greater confidence to authorizer transactions.
Enhance Customer Experience
With Card credentials aways up-to-date, Cardmembers can continue uninterrupted through the payment process without manual input.
Reduce Risk Of Fraud
Payment tokens help lower the risk of fraud by preventing their unauthorized use in the event of a data breach.
Maintain Revenue Continuity
Always updated Card information helps reduce payment disruptions due to expired credentials, thereby ensuring revenue continuity.
How it Works
Getting Started
CoFT is available in countries where American Express Token Service is active. Click here to see the list of countries.
- Card Issuers - Contact your American Express Representative.
- Merchants – Connect with your American Express representative to discuss enablement options.
- Acquiring Partners and Service Providers – Learn more about Card-on-File Tokenization APIs. Contact your American Express representative for next steps.