Tokenisation allows you to replace a credit card number with a unique reference number so that the information held in your system cannot be compromised. Tokens can be created en masse or in real time to ensure that your data is instantly PCI-DSS compliant.


Sensitive information is stored in a secure vault, and in the case of IP Payments can be accessed through your online administration system or automated processing connections. 

Tokenisation channels

IP Payments supports tokenisation through multiple channels including:

IPP PCI channels solution v2

Tokenisation implementation scenarios

There are many scenarios to implement a tokenisation solution.

Below is a table displaying the pros and cons of the main three tokenisation implementation scenarios. This has been compiled based on our experience working with organisations across multiple industries:

  Fully on-premise Fully outsourced Hybrid tokenisation “black-box”
Complexity Most complex Easiest Easier
Upfront cost Highest High Low
Ongoing cost Highest Low High
Investment Most costly Economical Costly
Time to compliance Longest Shortest Intermediate
Compliance risk Highest Lower Intermediate
Expertise required Highest Intermediate Higher
PCI-DSS scope Largest Smallest Smaller
PCI responsibility Everything Only policies and procedures maintenance Everything outside card vault
© IP Payments

Tokenisation: practical insights from enterprise projects

Check our video about “Tokenisation: practical insights from enterprise projects” which pTokenisation-videoresents lessons learned from multiple tokenisation implementations and was prepared for the PCI London conference.

In this video, we address the top three challenges en route to tokenisation with practical insights from enterprise projects:

  • Lessons learned from multiple tokenisation implementations: from the avoidable to the ‘unforeseen’, what are the causes and consequences of budget change as projects move through their lifecycle?
  • Future proofing and the pitfalls of point solutions: how can PCI-DSS stakeholders ensure that their organisation is positioned to manage continuously evolving requirements from the business, the PCI SSC and potentially other regulators as well?
  • People, process and technology: what key questions have helped other organisations engineer successful projects and avoid costly errors?


Want to learn more about PCI-DSS or have a chat with one of our PCI-DSS experts?