Evaluating Network Tokens: Are They Worth It?

If you're responsible for payments infrastructure, you've probably heard conflicting advice about network tokens. Some vendors promise dramatic authorization rate improvements, while others downplay the benefits entirely. Meanwhile, consultants offer competing perspectives, and it's difficult to find balanced, practical guidance from someone who's actually built these systems.

At Evervault, we're one of the few non-PSPs that have built a standalone network token solution from the ground up. We've helped merchants and service providers implement tokens and migrate from PSP solutions, giving us deep insight into what actually works in the real world. This post distills that experience into a practical evaluation framework you can use to decide if network tokens make sense for your business.

We'll cover the core problems network tokens solve, realistic performance expectations based on real data, how to calculate ROI for your specific situation, and the fundamental trade-offs between different implementation approaches.

This post will not cover what network tokens are and how they work. For that, you should take a look at our previous post: What are network tokens and how do they work?

What’s the point of network tokens?

Before evaluating whether network tokens are worth the investment, it's important to understand exactly what problems they solve. While the payments industry has made significant progress in security and user experience, there’s still a lot of stuff broken, especially for card-not-present (CNP) transactions. They can mostly be broken down into four categories.

Soft Declines (False Declines)

Soft declines occur when an issuer rejects a legitimate transaction, even though the customer has sufficient funds and intends to pay. Unlike hard declines, the problem isn't the card itself; it's that the issuer's risk systems are uncertain and block the payment "just in case".

You'll usually see these as decline codes like 05 (Do Not Honor) or 59 (Suspected Fraud). The impact compounds over time: lost revenue from failed legitimate purchases, higher cart abandonment rates, and strained issuer trust that can lower future authorization rates even more.

Hard Declines

Hard declines occur when the underlying card is no longer valid. Common causes include expired or reissued cards, lost or stolen cards, and account migrations.

For recurring billing and subscription models, these failures are particularly painful. Payment declines inevitably result in involuntary churn, while the surrounding retry logic and recovery workflows add significant operational complexity and degrade the customer experience. When customers need to update their payment details manually, many simply don’t bother; few people go out of their way to update a card unless they have to.

Online Payment Fraud

Even with strong encryption and secure card handling across checkout flows, card-not-present payments remain vulnerable to several fraud vectors. Attackers who acquire real PANs from breaches can attempt unauthorized transactions. Fraudsters often try the same stolen card across multiple merchants (credential replay), and compromised accounts enable card-on-file abuse.

The resulting chargebacks and fraud costs are just the beginning. Chargebacks also reduce issuer trust, which ironically increases the chances of future false declines on legitimate transactions, creating a negative cycle.

Customer Friction

Customer experience suffers when payment details fail or need to be re-entered. With PAN-based card-on-file transactions, this happens frequently because PANs expire, are reissued, or get flagged by issuers. Even worse, issuers sometimes require re-authentication of the original PAN using a 3D Secure challenge flow, even when merchant-initiated transactions should continue frictionlessly. (If you’re interested in going deeper down the 3DS rabbit hole, we’ve written extensively about it in the past.)

As a result, customers are forced to update cards mid-subscription, creating friction that feels clunky compared to modern wallet experiences like Apple and Google Pay. This significantly increases the risk of involuntary churn.

How do network tokens help?

Network tokens address declines, fraud, and friction through three core mechanisms: better credential freshness, enhanced issuer trust, and stronger transaction context.

Reducing Soft Declines

Network tokens improve issuer confidence in several ways. When a network token is provisioned, the issuer has already evaluated the legitimacy of the underlying PAN. Subsequent uses of the token provides the issuer with a second opportunity to approve the transaction, increasing the likelihood of approval compared to when the raw PAN is used for the first time.

Tokens also include additional trust signals: cryptograms, merchant binding, and metadata that provide issuers with more context than a standard PAN transaction. Since the token is cryptographically bound to the merchant (in theory—as we’ve written about previously, this in some cases is more marketing than substance), issuers can reduce false positives and approve legitimate transactions more reliably.

Here's how network tokens address specific decline scenarios:

Minimizing Hard Declines

Tokens are automatically updated via the card schemes' lifecycle management services, so merchants maintain a current, valid credential without manual intervention. This eliminates declines due to expired, replaced, or reissued cards.

Lifecycle updates include:

1. Expiry date updates: The token refreshes automatically when the underlying PAN is renewed
2. Card reissuance (same PAN, new expiry and CVV): Eliminates the need for customer re-entry
3. Fraud and loss replacement (new PAN): Tokens re-link seamlessly to a new PAN
4. Account upgrades and migrations: Token points to the upgraded card automatically
5. Status events: Tokens can be suspended, resumed, or terminated, with updates sent back to merchants

The result is fewer hard declines and higher approval rates, which is especially valuable for card-on-file and subscription models.

Mitigating Fraud and Security Risks

Network tokens reduce the risk of online payment fraud by replacing the PAN and binding tokens to specific merchants and contexts.

*A merchant-bound network token is tied to a specific merchant ID (MID). It can only be used for transactions processed by that merchant.

**A domain-bound token is tied to a specific device, browser, or app domain. It can only be used within that same technical environment.

It's important to note that tokens don't prevent all fraud, but they limit exposure to a single merchant's token rather than the underlying PAN.

Additionally, network tokens give the issuer a second chance to run a risk analysis on a transaction rather than just a point-in-time authorization with a raw PAN. They can run a risk analysis when the token is created, and when a cryptogram is generated for a subsequent transaction. This gives them a much greater surface area to build a stronger risk profile for a given transaction.

Reducing Customer Friction

The lifecycle management capabilities mean recurring payments continue without interruption. Customers don't need to manually re-enter card details after expiry or reissue. This reduces failed payments, abandoned subscriptions, and checkout friction compared to PAN-only workflows.

What’s issuer support like?

Card networks like Visa and Mastercard are moving toward near-universal adoption of network tokens. Mastercard, for example, has signaled plans to phase out manually entered PANs by 2030, with the future of payments dominated by Click-to-Pay, digital wallets, or maybe even agentic tokens.

Current Adoption Snapshot (September 2025)

Based on realtime data we’ve gathered from live transactions at Evervault, our analysis of global network token requests shows that approximately 89.9% of attempted tokenizations are fully supported by issuers, although a portion of these may still be declined for other reasons. Around 10.1% of attempts fail because the issuer does not yet support network tokens. Variance between countries was also smaller than expected, however, there were some countries without any successful network token volume.

*China (only on Visa and Mastercard rails, excluding e.g., China UnionPay)

*Russian Federation (only on Visa and Mastercard rails, excluding e.g., Mir)

What does this mean for implementation?

Even though network tokens are widely supported, adoption is not uniform across issuers or countries. To operate reliably, you should:

• Plan for PAN fallback: For every token you create, store the underlying PAN (preferably encrypted using keys stored by a PCI compliant provider). This allows you to retry transactions using the PAN if the token is unavailable or invalid.
• Use lifecycle services for recurring payments: Tools like Card Account Updater keep PANs current, avoiding involuntary churn or customer friction. At around $0.15-$0.25 per update, they typically cost more than 10x the price of network token lifecycle updates, but it may still be worth using it in fallback scenarios—especially if you can get access to services like Realtime Account Updater (RTAU) so you only ever request an update for a card you are about to process a transaction for.
• Implement robust fallback and routing logic: Ensure your payment flows can intelligently route transactions between tokens and PANs to maximize approvals.
• Monitor adoption trends: Track issuer and scheme token coverage over time. As adoption grows, you can adjust your strategy to optimize approvals and reduce fraud risk. Using a platform like Evervault means you can outsource a lot of this analysis to somebody else.

Key takeaway: Network tokens are increasingly standard and provide clear benefits, but inconsistent adoption means a fallback strategy using PANs, combined with monitoring and routing logic, is essential for reliability—especially for card-on-file and subscription use cases.

Real-world example: South African PSP Stitch Money saw their network token usage jump by 40% overnight when their largest acquirer started supporting network tokens.

Calculating potential ROI for your business

Network tokens can increase authorization rates, reduce fraud, and lower transaction fees. The actual benefit depends on your transaction volume, average transaction value (ATV), and operational costs, but you can use simple blended benchmarks to estimate ROI.

Blended Performance Benchmarks

We've combined public performance data for Visa and Mastercard to give a single illustrative benchmark:

Using a global average card mix (Visa 60%, Mastercard 40%), the blended numbers are:

• Authorization uplift: 3.96%
• Fraud reduction: 44%

You can adjust these if your business has a different card mix—more Visa or Mastercard transactions will slightly change the blended percentages.

Step 1: Estimate Revenue Uplift

Revenue uplift comes from additional transactions approved due to network tokens:

Example:

• Transaction volume: 100,000
• ATV: $50
• Current authorization rate: 90%

100,000 × $50 × 0.9 × 0.0396 ≈ $178,200

Step 2: Estimate Fraud Savings

Fraud savings result from fewer chargebacks and lost revenue:

Example assumptions:

• Fraud rate: 1% of transactions
• Chargeback fee: 25% of transaction value

100,000 × $50 × 0.01 × 0.44 × 1.25 ≈ $27,500

Step 3: Estimate Fee Savings

Interchange and processing benefits:

• Visa reports 0.10% reduction in CNP interchange fees for network tokens
• Non-tokenized transactions may incur additional fees or penalties (e.g., Visa Secure Credential Framework Fee)

100,000 transactions × $50 × 0.1% ≈ $5,000

Step 4: Subtract Costs

• Network token fees: e.g., $0.03 × Tokenized transactions
• Retry and fallback costs: Varies by PSP and PAN fallback rate
• Integration and operational costs: Optional, based on internal engineering hours

Step 5: Calculate Net ROI

Important Note on Measuring ROI

When measuring the ROI of network tokens, start with an accurate baseline. Many PSPs may already be using network tokens behind the scenes (and they’re probably charging you for it!), so it's important to ensure your benchmarks reflect truly non-tokenized transactions. Otherwise, you risk overestimating the incremental benefit of adopting network tokens.

For the blended average authorization uplift of 3.96%, roughly 2.5% of that gain typically comes from reducing hard declines. This improvement is driven by automated lifecycle management, which keeps card credentials current. However, you won't see the full effect immediately; it accumulates over time as cards naturally expire, are reissued, or replaced due to loss or fraud. As a result, you’ll need to be patient with analysing the impact of network tokens. Don’t expect any material impacts for at least 3-6 months.

Choosing a network token solution: A buyer's guide

When you start exploring network tokens, you'll quickly realize there are three main ways to implement them:

1. Use your PSP's built-in network token solution
2. Use a standalone provider (like Evervault)
3. Build your own in-house solution, directly with the card networks

Option three is rare and only viable for the very largest merchants and PSPs, but it's worth understanding so you can see where the trade-offs come from.

Key Evaluation Factors

Before comparing specific approaches, it’s important to understand these six factors that determine which model will work for your business.

1. Token Portability

Can the token be used across multiple PSPs or acquirers, or is it locked to a single processor? Portability matters if you ever want to do multi-PSP routing, switch PSPs, or avoid recollecting cards in the future.

2. TRID Ownership (Token Requestor ID)

Who owns the scheme-level relationship with Visa, Mastercard, and Amex for requesting and managing tokens? If you own the TRID, you can directly control lifecycle management (updates, refreshes, expirations). If your PSP owns it, you're dependent on them. Network token migrations, while technically possible, are an enormously painful process. Most merchants simply opt to create all of their network tokens from scratch.

3. Routing Control

Do you decide where to send transactions, or does your PSP? With routing control, you can direct traffic to the processor with the best cost or performance profile for a given card, issuer, or region. Without it, you take whatever your PSP decides.

4. Visibility and Reporting

Can you see whether a given transaction used a token or a PAN? Do you know when a token was updated, expired, or failed? Without visibility, you can't debug failures, measure ROI, or prove compliance with mandates like Visa's EU tokenization incentives (or rather, disincentives for not using tokens).

5. Cost Efficiency

Do you need to pay multiple times to tokenize the same card (e.g., once per PSP), or can you tokenize once and use that token everywhere? Costs also include ongoing per-transaction token usage fees.

6. Compliance and Regulatory Readiness

With mandates starting to roll out, especially in the EU, are you in a position to prove that you're applying tokens where available? If your PSP doesn't disclose token usage, you may be unnecessarily penalized or overcharged without realizing it.

Option A: Using Your PSP's Solution

Pros:

• Fast integration: Most PSPs (e.g., Adyen, Stripe) make their network token solutions work seamlessly out of the box. You can start using them quickly without additional setup.
• Automated decisions: PSPs usually decide when to apply tokens versus PANs. Since they process a high volume of transactions, they often know which issuers reliably accept tokens and can optimize for authorization success automatically.

Cons:

• No portability or ownership: The PSP (usually) owns the TRID and the tokens. If you ever switch PSPs, those tokens are unusable, which is especially painful if you rely on recurring billing. You would need to recollect customer card details.
• No visibility or control: You usually don't know whether a token was used or not. Most PSPs don't report on token usage, fallback logic, or failure reasons. You can't enforce a token-first strategy or debug problems.
• Limited performance data: Without metrics, you can't measure the impact of tokens on authorization rates, justify investment, or optimize retries. Tokens become a black box.
• Duplication in multi-PSP setups: If you work with multiple PSPs, you'll end up tokenizing the same card multiple times, maintaining duplicate vaults, and paying for each instance.

Best for: Merchants who plan to stay with one PSP and want the simplest possible implementation.

Option B: Using a Standalone Solution (like Evervault)

Pros:

• TRID ownership: A standalone provider provisions tokens using a TRID that belongs to you. That means you control the lifecycle and the scheme relationship, not your PSP.
• Token portability: You tokenize once and can use the same token across multiple PSPs. This avoids recollecting cards, enables multi-PSP routing, and keeps you independent of any single vendor.
• Routing control: You can choose where to send each transaction to optimize for lower costs, higher authorization rates, or fallback and retry strategies.
• Full visibility: You see whether a token was used, why it failed, and how it performed. This allows you to comply with mandates, debug edge cases, and improve your routing logic.
• Cost efficiency: You avoid duplicate tokenization fees across PSPs by centralizing your tokens in one place.

Cons:

• Integration effort: You need to integrate the standalone provider into your stack, which can be more work than enabling your PSP's built-in option.

Best for: Merchants who want multi-PSP flexibility, operate recurring or subscription models, or seek more control and visibility over how tokens are used.

Option C: Build In-House

All of the major card networks offer token services directly (Visa VTS, Mastercard SCoF, Amex AETS). In theory, you can integrate with them yourself.

Pros:

• Direct scheme integration: You own the TRID outright, giving you maximum control.
• Lowest cost: If you operate at a very large scale, there are usually no per-transaction or token fees. (Services like these are how PSPs make a lot of their gross margins.)

Cons:

• Huge operational overhead: You'll need a large payments engineering team to build and maintain the integrations.
• Compliance burden: You're responsible for certification with each scheme and ongoing PCI obligations, since you'll likely need to hold PANs.
• Limited accessibility: Networks usually only onboard extremely large merchants directly. Smaller and mid-sized merchants are often pushed to use bundled offerings like Visa's Cybersource instead.
• Ongoing maintenance: You'll need to support lifecycle events, issuer quirks, and scheme updates yourself.
• Significant volumes required: The schemes won't permit direct integrations unless you're processing substantial volumes, typically in the hundreds of millions of transactions per year.

Best for: Only the very largest merchants have the resources and appetite to manage network tokenization as a core competency.

Summary Comparison

How to Decide

• If you only ever plan to use one PSP, and simplicity is your priority, your PSP's built-in network token solution will likely be enough.
• If you want flexibility, multi-PSP routing, recurring billing stability, or visibility into performance, a standalone provider is the better option. It balances control with manageable complexity.
• If you operate at a very large scale with a deep payments team, you could consider building in-house by integrating directly with the schemes. For almost everyone else, it's not worth the overhead.

Join Us for a Deeper Dive

We've covered the fundamentals of network token evaluation, but there's much more to discuss around implementation best practices, real-world performance data, and navigating the evolving regulatory landscape.

Join Shane Curran, Evervault CEO, for our upcoming webinar where we'll explore these topics in depth, and answer your specific questions about implementing network tokens for your business.

In the webinar, you'll gain insight into:

• Why businesses adopt network tokens: real adoption trends, use cases, and which business models see the most success
• How to set realistic performance expectations: what improvements you can actually expect and the right way to measure them
• When the financials make sense: understanding volume thresholds, actual costs, and business model fit
• How to choose your approach: the fundamental trade-offs between PSP integration and external providers

Register for the webinar →