Double Tokenization: how retailers can protect their customers’ personal data (or, how to say farewell to GDPR worries)

May 29, 2018

With the introduction of GDPR, retailers now need to work out how they handle their customers’ personal data responsibly, while at the same time maintaining their personalised marketing strategies. Yoyo’s tech chief, Ali Minaei, says that tokenisation in payments has been a huge success for protecting our financial information, but by introducing a new Double Tokenisation mechanism, retailers can equally protect personal data and still deliver hyper-personalised customer experiences – and all without falling foul of GDPR rules!


If you work in payments or financial services no doubt you have heard of the term tokenization.

For those who haven’t, tokenization is quite simply about protecting something sensitive or of high-value by representing it with something non-sensitive – aka a token.

The concept of tokenization in payments has existed for centuries, with high-value items being replaced with something that represents that value – think coins, banknotes or if you’re of the gambling persuasion, casino chips.

Then the 60s came along and a revolutionary form of tokenization was introduced to payments – the debit/credit card, which suddenly made it both more secure and convenient to pay for items rather than pulling out wads of cash.

Cut to 2018 – a time when data is now considered to be “the new oil” – the 16 digits on your card, as well as personal information (like your name, address and date of birth), have become some of the most valuable pieces of data when it comes to payment and retail experiences, both in the physical and digital worlds.

And with more and more of us shopping online or using our mobile devices to make payments, we begin to feel slight pangs of uneasiness about just how many businesses have our personal and financial details stored away somewhere, and what’s more, who could potentially get their hands on them.

With that said, as far as payments data goes it’s actually fair to say that tokenization has been successfully implemented to protect our financial data.

Tokenization in payments

Card payment

When it comes to debit or credit card tokenization, a customer’s primary account number (PAN) is replaced with a series of randomly generated numbers (a “token”). These tokens can then be processed at the point-of-sale without any personal bank details being revealed.


Of course, the above was perfectly fine until online payments came along! Now this payment token (the PAN), which was supposed to be secure and protect payment data, is itself sensitive information and has to be tokenized!

Apple Pay et al…

While not the first mobile payment offering, when Apple Pay launched in 2014 it legitimised mobile payment usage for many consumers and the likes of Google and Samsung soon followed suit.

When setting up Apple Pay, users take a picture of their bank card. Apple then sends the captured details to the card issuer, which then returns a series of randomly generated numbers (a “token”) that is stored onto the user’s phone. The actual card details are therefore never stored on the phone and the token is used to authorise future purchases made through Apple Pay.

Google Pay and Samsung Pay also follow similar methods.

But what about our personal data?

The above are all great examples of how the payments companies and big tech giants are using tokenization to protect our financial information.

But we also live in a world where our personal data is becoming equally valuable and in need of protection.

Take our day-to-day retail experiences. Gaining access to special offers, loyalty programmes or personalised services usually requires us to enter details like our name, email and date of birth, as well as set up usernames and passwords, etc.

But over the last decade alone there have been several examples of retailers, tech companies, brands, dating sites, even credit checkers, having their customer data banks hacked and thousands of pieces of our personal information revealed to the world.

I only have to mention PlayStation (2011), Yahoo (2013/14), eBay (2014), Adult Friend Finder (2016) or Equifax (2017) as a few examples of major personal data hacks to give you an idea of the scale of the issue and the damage it caused to individuals.

This makes it imperative for our personal, as well as financial, data to be tokenized in a way that brings a sense of security to us consumers and helps build trust around brands and retailers.

What’s more, with the introduction of GDPR last week, it is now a legal requirement for all businesses to protect our personal data, as well as justify their need to hold on to it!

Dynamic Double Tokenization

As I said above, these days companies are pretty good at securing and tokenizing payment information. But at Yoyo, we’ve always known just how important it is to protect personal data as well. This is why we created a Double Tokenization payment mechanism, where both financial and personal data are encrypted:

Token 1 – Protecting payment data

Similar to mobile payment methods like Apple Pay, when a user signs up to Yoyo a unique token is generated to encrypt all payment details. When a transaction takes place, Yoyo makes a request to the payment provider using the token for authorisation. This token ensures that Yoyo never needs to store or transmit card information directly.

Token 2 – Protecting personal data

When a user creates a new Yoyo account, a unique user ID is issued. During a transaction, the Yoyo app will generate a unique token (QR code) which regenerates every 30 seconds to ensure the user’s identity. As well as transmitting payment authorisation, this dynamic QR code transmits the user ID through the scanner at the point-of-sale to Yoyo servers. This ensures that information is safeguarded and all user data is encrypted.
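
One way a 30-second rotating QR token like Token 2 could be built and checked, as an added example that is not Yoyo's code. The HMAC construction, the per-device key, the one-step grace window and the once-per-step replay rule are all assumptions, and every name is hypothetical.

```python
import hashlib
import hmac
import struct
from typing import Dict, Optional

STEP_SECONDS = 30  # rotation interval stated in the article


def _mac(device_key: bytes, user_id: str, counter: int) -> str:
    # Bind the MAC to both the user ID and the 30-second time step.
    msg = user_id.encode() + b"|" + struct.pack(">Q", counter)
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()[:20]


def issue_token(device_key: bytes, user_id: str, now: float) -> str:
    """App side: the string that would be rendered as the QR code."""
    return f"{user_id}.{_mac(device_key, user_id, int(now // STEP_SECONDS))}"


class TokenVerifier:
    """Server side: per-user keys (assumed store) plus replay state."""

    def __init__(self, keys: Dict[str, bytes]):
        self._keys = keys
        self._last_counter: Dict[str, int] = {}

    def verify(self, token: str, now: float) -> Optional[str]:
        user_id, _, mac = token.partition(".")
        key = self._keys.get(user_id)
        if key is None or not mac:
            return None
        current = int(now // STEP_SECONDS)
        # Accept the current step and the previous one to absorb scan latency.
        for counter in (current, current - 1):
            expected = _mac(key, user_id, counter)
            if hmac.compare_digest(mac.encode(), expected.encode()):
                if counter <= self._last_counter.get(user_id, -1):
                    return None  # step already used: a copied QR code fails
                self._last_counter[user_id] = counter
                return user_id
        return None  # expired or forged
```

The scanner at the point-of-sale only relays the string; it holds no key and cannot mint a valid token for a later time step.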

Through this uber-secure payment method, customers are able to shop at multiple retailers and enjoy the loyalty benefits of different brands and stores. They can clearly see that both their financial and personal data is kept in one secure place.

Is Double Tokenization good for retailers?

There can be several reasons why encrypting a customer’s personal data can prove troublesome for retailers.

For example, a retailer’s marketing team may want to email their customers about a new special offer, requiring first names, last names, email address etc – not really achievable if all of this data has been tokenized.

Also – how can retailers deliver personalised experiences to their customers if all their personal data is encrypted through tokenization?

Well the truth is that with Double Tokenization, retailers don’t need to know the actual identity of the person they are communicating with or providing a personalised experience to.

They only need to know the anonymised customer behaviour of “CUSTOMER 09876”. Here’s an example:

  1. Imagine a retailer wants to surprise their customers with a prize or special reward when their birthday hits.
  2. An automated process can easily be put in place telling Yoyo’s servers that “when the birthday of CUSTOMER 09876 occurs, send a personalised email / SMS / in-app message with a reward based on their most common purchases over the last 12 months”.

This means retailers no longer need to worry about how they store personal data or whether it’s under threat of being hacked. But at the same time they can still deliver hyper-personalised marketing campaign activity based on individual customer behaviour.
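
The birthday rule above, sketched as an added example that is not Yoyo's code, to show where the boundary sits: the retailer's rule names only the customer ID, and the platform resolves it to a person, sends the message and reports back without personal data. The data stores, field names and result format are assumptions, and the sample records are constructed.

```python
from collections import Counter
from datetime import date, timedelta

# Constructed sample data. Only the platform side holds PERSONAL; the retailer
# side sees the customer ID and purchase history, never the name or e-mail.
PERSONAL = {"09876": {"name": "Sam", "email": "sam@example.com",
                      "birthday": date(1990, 6, 14)}}
PURCHASES = {"09876": [(date(2018, 1, 9), "flat white"),
                       (date(2018, 3, 2), "flat white"),
                       (date(2018, 4, 20), "croissant"),
                       (date(2016, 5, 1), "espresso")]}  # older than 12 months


def favourite_item(customer_id, today):
    """Retailer-visible analytics: most common purchase in the last 12 months."""
    cutoff = today - timedelta(days=365)
    recent = [item for day, item in PURCHASES.get(customer_id, []) if day >= cutoff]
    return Counter(recent).most_common(1)[0][0] if recent else None


def run_birthday_rule(customer_id, today, outbox):
    """Platform side: resolve the ID, send the message, report back without PII."""
    person = PERSONAL.get(customer_id)
    if person is None:
        return {"customer": customer_id, "status": "unknown"}
    bday = person["birthday"]
    if (bday.month, bday.day) != (today.month, today.day):
        return {"customer": customer_id, "status": "not_due"}
    reward = favourite_item(customer_id, today)
    if reward is None:
        return {"customer": customer_id, "status": "no_history"}
    # The e-mail address and name are used here and never leave this function.
    outbox.append((person["email"],
                   f"Happy birthday {person['name']}! Your next {reward} is on us."))
    return {"customer": customer_id, "status": "sent", "reward": reward}
```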

And I’ll finish with one quick point that I know will breathe a sigh of relief into many a retailer – by not having access to their customers’ personal information, retailers who adopt Double Tokenization will not be in scope of the worry, the fear and the trouble of GDPR!