8
READING TIME
Network token: what it is, how it works, and why it improves your payments
May 29, 2025
In online payments, the word “token” is everywhere. But not all tokens are the same. At Zru, we’ve been using tokenization for some time now to protect card data and make follow-up charges easier. Now, we’re adding a new feature: network tokenization (also known as scheme tokenization or network-level tokenization).
The difference isn’t just technical—it directly impacts transaction security, approval rates, and can even lower processing costs.
Find out what changes with this feature and how we manage it at Zru.
Traditional tokenization: protecting the card and enabling future charges
When a customer pays with a card on a site using Zru, we capture the data and turn it into a token—which is essentially a code. This token acts as a secure stand-in: it doesn’t expose the real card data but can be used later for additional charges.
This token:
Is generated by Zru at the time of the first payment.
Can be safely stored by the merchant: there’s no way to reverse-engineer the card number from it.
Can be reused to charge in a subscription or repeat purchase, without asking the customer to re-enter their details. In other words, the merchant sends us the token, and Zru knows which card to charge.
It’s an internal token, only used in operations between the merchant and Zru. It’s not used directly in transactions with the PSP or the card network.
This type of tokenization allows the merchant to avoid storing sensitive data, reduce PCI scope, and improve the buyer experience. It’s the go-to approach when you want to securely store a card for future charges.
What is a network token?
A network token is also a version of the real card number (PAN), but with one key difference: it’s generated directly by the card networks (like Visa or Mastercard), not by the PSP or Zru.
What’s interesting is how it behaves:
Each network token is unique to a merchant. If the same customer shops at two different stores, each store gets a different token for the same card.
But that same token can be used with multiple PSPs. That’s what makes it ideal for orchestration platforms like Zru: once the network token is generated, the merchant can use it with any PSP for future payments.
Note: as long as the PSP supports network tokens.It’s persistent: if the user’s bank issues a new card (because the old one expired, was lost, or got replaced), the token keeps working.
It improves both security and approval rates. Networks and issuers tend to treat these transactions more favorably.
Benefits of network tokens
Enabling network tokenization in Zru can noticeably improve payment performance. These are some of the benefits merchants can expect:
Higher approval rates
Card networks (Visa, Mastercard, etc.) and issuers (banks, etc.) often apply more favorable risk rules when a transaction uses a network token. Because it’s directly linked to a card (issuer) and a specific merchant, it allows for better validation of the cardholder and increases trust. This leads to higher authorization rates, especially in recurring payments or online purchases—where the risk of fraud is higher since the card isn’t physically present. In these scenarios, issuers place high value on network tokens for their ability to improve authentication and reduce risk exposure.
Fewer declines due to expired cards
When a customer loses their card or it expires, the new card usually has a different number. With network tokens, that’s not a problem: the token is automatically updated as soon as the network detects a replacement. This means you can keep charging through the same network token, without interruptions and without asking the customer to re-enter their details—something essential for businesses relying on subscriptions or stored cards.
Greater operational flexibility
The same network token can be used across different payment processors (if a processor doesn’t support it, we send the PAN directly), which makes it especially useful in orchestrated payment flows. At Zru, we store the token and apply it to each transaction according to your defined rules. There’s no need to generate multiple tokens or adapt your logic to each PSP. This simplifies operations and helps optimize routing with less friction.
Better security
Since the token is managed directly by the network, the real card number (PAN) isn’t used in future transactions. This greatly reduces exposure to fraud and potential data breaches. On top of that, the token can only be used by the merchant it was issued for, adding an extra layer of protection.
Lower transaction costs
In some cases, networks and issuers apply lower fees to transactions processed using network tokens, because they’re seen as more secure and less prone to fraud. This can result in lower processing costs—especially for merchants with high volume.
How does network tokenization work with an orchestrator like Zru?
At Zru, we manage all the infrastructure needed for merchants to work with network tokens: we request the token directly from the network (Visa, Mastercard, etc.), store it securely, and use it in charges, sending it to the appropriate PSP—if that PSP supports it.
This functionality can be activated directly from the Zru dashboard, with no need to change your integration.
Here’s how it works when a merchant uses network tokenization through Zru:
When a user enters their card details at checkout, Zru securely captures that data and sends a request to the network to generate a network token.
Once Zru receives the network token, we store it in our system.
At the time of payment, Zru routes the transaction through the PSP chosen by the merchant.
If that PSP supports network tokens, Zru sends the token.
If it doesn’t, the payment is processed without the network token.
The merchant doesn’t need to deal with Visa or Mastercard—Zru handles which PSPs support this type of token and how to route each transaction.
Putting it all together
If you use Zru, there’s no need to choose between one token type or another. You can use both. On the one hand, there’s the traditional token, which we generate so you can store a card without storing the actual card data.
And on the other hand, there are network tokens, generated directly by the card networks (Visa, Mastercard, etc.). That way, even if the card expires or gets replaced, you can keep charging. Plus, since the real card data isn’t being passed between the orchestrator, PSP, and the network, the payment process becomes more secure.
At Zru, we link that network token to the token you already use as a merchant, so you can keep using the same identifier in your charges—with no changes to your operations.
8
READING TIME
Network token: what it is, how it works, and why it improves your payments
May 29, 2025
In online payments, the word “token” is everywhere. But not all tokens are the same. At Zru, we’ve been using tokenization for some time now to protect card data and make follow-up charges easier. Now, we’re adding a new feature: network tokenization (also known as scheme tokenization or network-level tokenization).
The difference isn’t just technical—it directly impacts transaction security, approval rates, and can even lower processing costs.
Find out what changes with this feature and how we manage it at Zru.
Traditional tokenization: protecting the card and enabling future charges
When a customer pays with a card on a site using Zru, we capture the data and turn it into a token—which is essentially a code. This token acts as a secure stand-in: it doesn’t expose the real card data but can be used later for additional charges.
This token:
Is generated by Zru at the time of the first payment.
Can be safely stored by the merchant: there’s no way to reverse-engineer the card number from it.
Can be reused to charge in a subscription or repeat purchase, without asking the customer to re-enter their details. In other words, the merchant sends us the token, and Zru knows which card to charge.
It’s an internal token, only used in operations between the merchant and Zru. It’s not used directly in transactions with the PSP or the card network.
This type of tokenization allows the merchant to avoid storing sensitive data, reduce PCI scope, and improve the buyer experience. It’s the go-to approach when you want to securely store a card for future charges.
What is a network token?
A network token is also a version of the real card number (PAN), but with one key difference: it’s generated directly by the card networks (like Visa or Mastercard), not by the PSP or Zru.
What’s interesting is how it behaves:
Each network token is unique to a merchant. If the same customer shops at two different stores, each store gets a different token for the same card.
But that same token can be used with multiple PSPs. That’s what makes it ideal for orchestration platforms like Zru: once the network token is generated, the merchant can use it with any PSP for future payments.
Note: as long as the PSP supports network tokens.It’s persistent: if the user’s bank issues a new card (because the old one expired, was lost, or got replaced), the token keeps working.
It improves both security and approval rates. Networks and issuers tend to treat these transactions more favorably.
Benefits of network tokens
Enabling network tokenization in Zru can noticeably improve payment performance. These are some of the benefits merchants can expect:
Higher approval rates
Card networks (Visa, Mastercard, etc.) and issuers (banks, etc.) often apply more favorable risk rules when a transaction uses a network token. Because it’s directly linked to a card (issuer) and a specific merchant, it allows for better validation of the cardholder and increases trust. This leads to higher authorization rates, especially in recurring payments or online purchases—where the risk of fraud is higher since the card isn’t physically present. In these scenarios, issuers place high value on network tokens for their ability to improve authentication and reduce risk exposure.
Fewer declines due to expired cards
When a customer loses their card or it expires, the new card usually has a different number. With network tokens, that’s not a problem: the token is automatically updated as soon as the network detects a replacement. This means you can keep charging through the same network token, without interruptions and without asking the customer to re-enter their details—something essential for businesses relying on subscriptions or stored cards.
Greater operational flexibility
The same network token can be used across different payment processors (if a processor doesn’t support it, we send the PAN directly), which makes it especially useful in orchestrated payment flows. At Zru, we store the token and apply it to each transaction according to your defined rules. There’s no need to generate multiple tokens or adapt your logic to each PSP. This simplifies operations and helps optimize routing with less friction.
Better security
Since the token is managed directly by the network, the real card number (PAN) isn’t used in future transactions. This greatly reduces exposure to fraud and potential data breaches. On top of that, the token can only be used by the merchant it was issued for, adding an extra layer of protection.
Lower transaction costs
In some cases, networks and issuers apply lower fees to transactions processed using network tokens, because they’re seen as more secure and less prone to fraud. This can result in lower processing costs—especially for merchants with high volume.
How does network tokenization work with an orchestrator like Zru?
At Zru, we manage all the infrastructure needed for merchants to work with network tokens: we request the token directly from the network (Visa, Mastercard, etc.), store it securely, and use it in charges, sending it to the appropriate PSP—if that PSP supports it.
This functionality can be activated directly from the Zru dashboard, with no need to change your integration.
Here’s how it works when a merchant uses network tokenization through Zru:
When a user enters their card details at checkout, Zru securely captures that data and sends a request to the network to generate a network token.
Once Zru receives the network token, we store it in our system.
At the time of payment, Zru routes the transaction through the PSP chosen by the merchant.
If that PSP supports network tokens, Zru sends the token.
If it doesn’t, the payment is processed without the network token.
The merchant doesn’t need to deal with Visa or Mastercard—Zru handles which PSPs support this type of token and how to route each transaction.
Putting it all together
If you use Zru, there’s no need to choose between one token type or another. You can use both. On the one hand, there’s the traditional token, which we generate so you can store a card without storing the actual card data.
And on the other hand, there are network tokens, generated directly by the card networks (Visa, Mastercard, etc.). That way, even if the card expires or gets replaced, you can keep charging. Plus, since the real card data isn’t being passed between the orchestrator, PSP, and the network, the payment process becomes more secure.
At Zru, we link that network token to the token you already use as a merchant, so you can keep using the same identifier in your charges—with no changes to your operations.
