Tokenization is a security (data protection) procedure by which sensitive or otherwise valuable information can be replaced with a token. For example, in payment transactions, payment account information, such as credit card or bank account numbers, may be replaced with a token by a tokenization service provider. When an online transaction is conducted with a merchant, the payment account information may be sent securely to the merchant's service provider. The service provider can securely store the payment account information and return a token to the merchant. This way, tokenization enables merchants to accept payments via payment card accounts or bank accounts without having to store, transmit or process the sensitive payment data. If the consumer conducts a subsequent transaction with the merchant, they can select the token associated with the payment account they wish to use and complete the transaction normally. This offers the benefits to the consumer of not having to reenter payment data for each transaction, while protecting the merchant from the risk and cost of storing actual payment data for each of their customers.
Typically, transaction processing and tokenization are closely coupled services. That is, when a merchant requests a token from their service provider they typically also request that a transaction be processed by their service provider using the payment data corresponding to the token. In current systems, if a merchant were to choose to have a customer's payment data tokenized, and then utilize a different service provider to complete the transaction, the merchant would need to obtain the actual payment data to send to the different service provider. As the merchant would now be handling the actual payment data, this would defeat many of the benefits of tokenization.