Card-on-File Tokenization

Enhanced Protection for Online Payments

Overview

Card-on-File Tokenization(CoFT) from American Express helps secure Cardmembers’ payment credentials when they save their information online for future purchases or recurring payments by replacing the Card’s Primary Account Number (PAN) with payment token, a series of randomly generated numbers.

Payment tokens can be restricted to a specific Merchant through use of domain controls, which helps prevent its unauthorized use in the event of a data breach. Payment tokens allow Cardmembers to have a seamless payment journey and Merchants to experience revenue continuity even when a Card is replaced as CoFT enables Card information associated with the payment token to be always updated without any manual input from the Cardmember. In contrast to security or acquirer tokens, payment tokens can be used to process transactions. Using payment tokens in transactions helps increase Card Issuer’s confidence in authorizing transactions.


CoFT utilizes American Express Token Service (AETS) for provisioning and managing the lifecycle of tokens. Through its foundational platform, AETS enables Merchants, Service Providers, Technology Partners, Acquirers, and Issuers to enhance security of the digital payment environment for their customers. Our Token Services are aligned to the EMVCo* industry standards.

 

* EMVCo is the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes.

Benefits

Improve Authorization Rate

Use of domain controls for payment tokens can give Card Issuers greater confidence to authorize transactions.

 

Merchants who enabled Card-on-File Tokenization experienced an average uplift of 2.75% in authorization rate for tokenized transactions compared to non-tokenized transactions.*



*Based on transaction data of the top 100 US Merchants using a large payment service provider, comparing tokenized and non-tokenized card-on-file transactions on American Express issued cards in the US from May 2021 to April 2022.

Enhance Customer Experience

With Card credentials aways up-to-date, Cardmembers can continue uninterrupted through the payment process without manual input.

 

Reduce Risk Of Fraud

Payment tokens help lower the risk of fraud by preventing their unauthorized use in the event of a data breach.

Maintain Revenue Continuity

Always updated Card information helps reduce payment disruptions due to expired credentials, thereby ensuring revenue continuity.

How it Works

 

Getting Started

CoFT is available in countries where American Express Token Service is active. Click here to see the list of countries. 

  • Card Issuers - Contact your American Express Representative.
  • Merchants – Connect with your American Express representative to discuss enablement options.
  • Acquiring Partners and Service Providers – Learn more about Card-on-File Tokenization APIs. Contact your American Express representative for next steps.

Resources

Card-on-File Tokenization Overview

American Express Token Service Overview

Push Provisioning Overview

Don't Live life without it