Last updated:April 11th, 2024

Merchants around the world are navigating the universe of tokens and tokenization. When used properly, tokenization for merchants serves a dual use:

  • it can be used to protect sensitive card data
  • it can serve as an enabler for omnichannel (eCommerce and in-store)

But before deploying tokens, it is important to understand what they are and how they work.



  • replace sensitive data such as a cardholder’s primary account number, in a secure token vault.
  • ensure that sensitive customer data is no longer stored in the merchant’s environment. This relieves the merchant from the burden of being PCI compliant which means less obligations and costs. In the event of a breach, sensitive data will not be exposed, and consumer's trust will ultimately be maintained.


Tokens can be:

  • Non-card format preserving. The token format is not the same as the sensitive information it is replacing. For instance, a Registration Token is transposed into an universal unique identifier (UUID) in a random alphanumeric format.
  • Card format preserving. The token maintains the same format as the original PAN (Primary Account Number), but the values are randomly changed. For instance, an Omni Token keeps first 6 digits (BIN or Bank Identification Number) and last 4 digits similar to the original card number. This helps merchants offering loyalty programs based on a format preserving token. This helps merchants to still use the bin for dispatching to the proper merchant account or use last 4 digits to show the tokenized cards within the one-click checkout payment widget.


There are several distinct types of tokens we support in payments, and it is important to understand the differences.

eCommerce only

Registration Tokenization is both card and non-card tokenization solution offered by VR pay Internet Gateway to replace Primary Account Numbers (PANs) or/and other (non-)card details with a generated Registration Token.

Registration Tokens

  • They are generated by the platform for a merchant operating eCommerce business.
  • They should be stored by the merchant to initiate payments.
  • They can trigger the creation of a Network Token where the card scheme provisions the token and Issuer participates in the token approval process.

See also