Network Tokenization vs Account Updater in Card Acquiring (Visa & Mastercard)

Introduction

In the card payments acquiring domain, network tokenization and account updater services are two distinct but complementary solutions aimed at improving transaction security and payment continuity. This report provides a deep dive into both concepts as implemented by Visa and Mastercard globally, targeting an audience of technical payments professionals, financial executives, and industry stakeholders.

We will explain each service's purpose and technical workings – from the token provisioning and cryptogram use in network tokens to the push/pull update models of account updaters – and analyze their impact on fraud reduction, authorization rates, and PCI compliance. A comparative analysis highlights differences in function, architecture, use cases, and business impact, and a summary table contrasts key distinctions between network tokenization and account updater services.

Network Tokenization (Visa & Mastercard)

Purpose and Overview

Network tokenization is a scheme-led solution (offered by networks like Visa and Mastercard) that replaces a card's Primary Account Number (PAN) with a unique network token for use in transactions[1]. The goal is to remove sensitive card data from the payment process and thus reduce its value to fraudsters, while still allowing the token to be used in place of the PAN for purchases[2].

Unlike a merchant's proprietary token that only substitutes the PAN on the backend, a network token (also called a payment token or DPAN) is issued by the card network and is fully transactable – it can be routed through the payment network and authorized by the issuer just like a real card number[3]. Visa's Visa Token Service (VTS)[4] and Mastercard's MDES (Mastercard Digital Enablement Service)[5] are the respective global platforms providing network tokens, aligned with the EMVCo Payment Tokenization framework[2][5].

In essence, network tokenization improves payment security and flexibility by exchanging the actual card credentials with tokens that are domain-restricted and dynamically authenticated[6].

How Network Tokenization Works (Provisioning, Domain Controls, Cryptograms)

Token Provisioning

The life cycle of a network token begins with provisioning. This occurs when a card is added to a digital wallet or a merchant's card-on-file vault and a token request is made to the network. The network's token service provider (e.g. Visa or Mastercard) generates a token that maps to the original PAN after performing issuer identification and verification (ID&V) checks to ensure the request is legitimate[7].

The token is typically a 16-digit number that looks like a normal card number but is a different value (for example, with a distinct BIN range identifying it as a token). The token and its association to the real account are stored in the network's token vault. Going forward, the merchant or wallet uses this token in transactions instead of the actual card number. This provisioning can happen one card at a time (e.g. when a customer saves their card on a website, the merchant's systems request a network token) or in bulk (batch tokenization of an existing stored card database)[8].

Domain Restriction Controls

Network tokens carry metadata that enforces where and how they can be used – these are called token domain controls. When a token is issued, it is bound to a specific "domain" such as a particular merchant, device, or use-case. For example, a token issued for a mobile wallet on a customer's phone is restricted to be used only from that device, and a token issued to a merchant for card-on-file use is restricted to that merchant's e-commerce transactions[9].

If a stolen token is attempted elsewhere, the domain checks will fail and the transaction will be declined[10]. Domain control enforcement uses token control fields in each transaction – these may include the merchant ID, the point-of-sale entry mode, or a unique transaction reference, among others, to ensure the token is being used in its intended context[11]. By constraining tokens to specific domains, cross-channel or cross-merchant fraud is prevented, as a token taken from one environment cannot be replayed in another without failing validation[10].

Cryptogram Usage

A defining technical feature of network token transactions is the use of a dynamic token cryptogram. This is a one-time cryptographic value generated for each transaction (often by the cardholder's device or by the token service) using the token and other data[12]. The cryptogram accompanies the token in the authorization request and is validated by the issuer or network, similar to how an EMV chip card transaction works[12].

If the token or transaction data had been altered or if someone tries to reuse a previous authorization message, the cryptogram verification will fail, blocking the transaction. In essence, the cryptogram ties the token to that specific transaction and provides an additional layer of authentication. This means that even if a token and its details were intercepted, they would be useless without the valid cryptogram for a new purchase[10][12]. Together, the domain restrictions and per-transaction cryptograms ensure network tokens "don't come to the party alone" – they have security companions that make them far more secure than raw card numbers[12].

Lifecycle Management

Another key aspect of network tokenization is automated account lifecycle updates. When the underlying card account changes (for instance, the card is reissued with a new number or expiration date), the issuer and network can update the token vault mapping so that the token remains usable without the cardholder or merchant needing to do anything[13].

For example, if a customer's Visa card expires and the bank issues a replacement card, Visa's token service can seamlessly update all tokens associated with that card (across merchants or wallets) to point to the new expiration date or new PAN. This feature, sometimes called account life-cycle management, ensures continuity: recurring payments using network tokens will continue authorizing because the token automatically reflects the latest account info[14]. The merchant typically doesn't even see the new PAN – they just keep using the token[15].

(By contrast, without tokenization, the merchant would have to collect the new card info or use an updater service, as discussed later.) It's worth noting that this benefit only applies if the issuer participates in the tokenization program and updates the network – but globally, issuer participation is growing rapidly[16].

Impact on Fraud Reduction and Authorization Rates

Network tokenization has had a significant positive impact on reducing fraud in card-not-present (CNP) transactions and improving authorization approval rates. Because a network token by itself is useless outside of its approved domain and without a valid cryptogram, stolen tokens are much harder for criminals to monetize.

Visa data shows that for e-commerce transactions, using network tokens reduced CNP fraud by up to 28% compared to using raw PANs – all without adding friction to the customer experience[15]. In 2023, Visa reported that tokenized payments prevented an estimated $650 million in fraud globally, reflecting how effective tokens have been in blocking unauthorized use[16].

Issuers have greater confidence approving tokenized transactions since the additional cryptogram and domain checks make the transaction more trustworthy. This contributes to higher authorization rates: Visa observed an average 3% increase in approval rates when transactions were processed with network tokens instead of PANs[17]. Similarly, Mastercard noted merchants can see approval rate uplift on the order of up to 3 percentage points thanks to network tokenization's reduced false declines and updated credentials[18].

(Some programs report issuers approving 2–7% more transactions with tokens due to the richer authentication data[19].) These improvements directly translate into higher successful sales and revenue for merchants, and a better experience for cardholders whose legitimate transactions are less likely to be wrongly declined.

Importantly, network tokens also mitigate large-scale breaches and PCI compliance exposure. Since merchants and acquirers are handling tokens (which are valueless outside their intended use) instead of actual card numbers, the impact of any data breach is limited – a leaked token cannot be used to conduct fraud at other merchants[6].

Storing tokens in place of PANs "eliminates the risk of payment credentials becoming compromised" and helps ensure PCI DSS compliance by drastically reducing the amount of sensitive data in merchants' systems[18]. In fact, both Visa and Mastercard emphasize that network tokenization lowers the PCI compliance burden for merchants, as it "removes the most valuable data to a fraudster" from the environment[20]. By not storing actual cardholder data, merchants can simplify their compliance audits and focus on securing the token data (which is still important, but less sensitive)[18].

Additionally, from a business standpoint, network tokens can reduce operational costs: some acquirers offer lower processing fees or networks provide interchange incentives for tokenized transactions given their lower fraud risk[21][22]. For instance, Visa and Mastercard have introduced slightly lower interchange rates for tokenized card-on-file transactions in certain regions (US, Europe, Australia) to encourage adoption[22]. This means using network tokenization can make transactions not only safer but sometimes cheaper for merchants and issuers.

Visa and Mastercard Implementations

Visa and Mastercard have made network tokenization a cornerstone of their global payment strategy. Visa Token Service (VTS) was launched in 2014 and underpins token issuance for Visa cards in digital wallets (like Apple Pay, Google Pay, etc.) as well as for merchant card-on-file token requests. Mastercard's MDES (introduced around the same time) serves a similar role for Mastercard-branded cards.

Both systems adhere to the EMVCo tokenization specification[4], meaning they operate in broadly similar ways – issuing EMV payment tokens with domain controls and cryptograms as described above. Each network acts as a Token Service Provider (TSP) for their own tokens, or can authorize third-party token service providers. For example, Visa and Mastercard themselves manage the token vaults that map tokens (often called DPANs) to the real account (FPAN), and they provide interfaces for token requestors (which could be merchant gateways, digital wallet providers, or large merchants) to request and use tokens.

Global adoption of network tokens has accelerated in recent years. By 2024, roughly 25–30% of all Visa and Mastercard transactions worldwide were being processed with network tokens instead of raw card numbers[16]. Visa alone had issued over 10 billion network tokens by 2023[16]. This surge is driven by the proliferation of mobile wallets and e-commerce token-on-file programs, as well as mandates in certain markets. (Notably, India's central bank mandated the use of network tokenization for storing card details online, leading to millions of tokens being created for Indian cardholders.) Both networks continuously expand tokenization to new use cases – for instance, securing IoT payments, transit systems, and more.

Visa's and Mastercard's implementations also include robust tools for participants: they offer Token Management APIs, lifecycle notifications, and reporting[23]. For example, if an issuer closes an account, that status can be communicated through the token system so the token can be deactivated or updated immediately. Issuers benefit as well: they can control and replace tokens for specific merchants or devices without forcing a cardholder to replace their physical card, which helps avoid customer disruption.

Overall, network tokenization by Visa and Mastercard has become a global best practice to enhance digital payment security and improve transaction success rates, forming an essential layer in modern card acquiring.

Account Updater Services (Visa & Mastercard)

Purpose and Overview

Account updater services are network-based programs designed to keep card-on-file information current, ensuring continuity of recurring payments or any stored card transactions when the card details change. In the normal course of business, cards expire, get reissued, or are replaced due to loss, theft, upgrades, or bank mergers – in fact, roughly one in every three cards is replaced each year for various reasons[24].

If merchants simply continue attempting transactions with outdated card numbers or expiry dates, they will face declines, leading to payment failures, customer inconvenience, and lost revenue. The purpose of an account updater (also known as card updater or credit card updater) is to provide a secure automated channel for card issuers to send updated account credentials to merchants (via their acquirers or payment processors) without involving the customer[25][26][27].

This allows businesses that store card credentials – especially those with subscription billing, memberships, or installment payment plans – to seamlessly update their records when a customer's card changes, avoiding declines and service interruptions[25][26].

Both Visa and Mastercard operate global account updater services: Visa Account Updater (VAU) and Mastercard Automatic Billing Updater (ABU). These services act as intermediaries between issuers (who know when a card account has changed) and acquirers/merchants (who need the new details). In Visa's words, VAU enables "a secure electronic exchange of account information updates between participating Visa card issuers and acquirers for credential-on-file merchants"[28]. The ultimate goal is to reduce the risk of declined transactions due to account changes – benefiting all parties by maintaining payment continuity[28].

How Account Updater Works (Push vs Pull Operational Models)

The operational flow of account updater services can be understood in a few steps. First, participating issuers (banks that issue Visa or Mastercard cards and opt in to the service) will report any relevant changes to the networks' updater database. Whenever a card is reissued (with a new number or expiry) or closed, the issuer sends the updated account number, new expiration date, account status, etc., to the network's secure vault (e.g. the VAU or ABU database)[29]. This creates a record so that the network knows, for example, that old PAN 4111...1234 has been replaced by new PAN 4111...5678 effective this month.

On the other side, merchants (or typically their acquirer/processor) query the updater service to get any updates for cards they have on file. There are two primary models for how these queries and updates occur, often referred to as "pull" vs "push":

Pull Model (Inquiry-based Updates)

In the pull scenario, the merchant (via their acquirer or gateway) initiates a request to the network's account updater for one or more card numbers to check if there are updates. This is commonly done in batch: for instance, a few days before each billing cycle, a merchant compiles a list of stored card numbers that are about to be charged (or those that are nearing expiration) and sends that list to the updater service[30].

The network then checks its issuer-provided records and "pulls" any available new card info for those accounts. The results are returned – typically within hours or a day or two for batch files – indicating which cards have changed and providing the new card number and/or expiry date[31]. The acquirer passes these back to the merchant, who updates their customer database with the new credentials.

The Visa Account Updater program historically operated in this batch inquiry mode: enrolled merchants (via acquirers) send in their on-file PANs and get back responses with updates, often within a day or two turnaround[31]. This model requires merchants to proactively identify which cards to update and when, but it can be optimized (for example, checking all cards that expired this month, or running nightly checks for any recently declined transactions due to "invalid account").

Push Model (Real-time or Subscription Updates)

In the push model, the flow is reversed: the network proactively distributes updates to subscribing parties whenever a change occurs, without a specific inquiry for that account each time. Mastercard's ABU, for example, allows acquirers/merchants to subscribe to specific card accounts or to their whole portfolio; then when an issuer updates that card in ABU, the service will immediately "push" the new details to the subscriber's endpoint[32].

Visa has also introduced a "VAU Push Priority" service in which acquirers can receive immediate update notifications (via an API or feed) as soon as issuers submit them[33]. In practice, push updates mean if a customer's card is replaced today, the merchant could get the new number almost in real-time and update the account on file before the next attempted charge.

The push model requires that the acquirer or merchant maintain a server to receive the notifications or have an API hookup listening for updates. It offers speed and efficiency – eliminating the need to send batch inquiries – but typically the merchant must explicitly enroll for push service and possibly specify which accounts or BINs to subscribe to[32].

In both cases, security and privacy are paramount. The communication of updated card data between issuers, the network, and acquirers is done through highly secure, PCI-compliant channels[34][35]. Only participating entities can access the data, and card details are transmitted in encrypted form.

By design, account updater systems require minimal involvement from cardholders – updates happen "behind the scenes" – and minimal manual work for merchants (once integrated, the process is automated). The outcome is that when the merchant goes to charge the customer's saved card, they are using the correct, current card details and the transaction authorizes successfully rather than declining for something like "account number changed" or "card expired."

Benefits for Card-on-File Merchants, Issuers, and Acquirers

Account updater services provide a clear win-win for multiple stakeholders in the payments ecosystem:

Merchants

The most obvious benefit is reducing declined transactions and lost sales. By ensuring stored card details stay up-to-date, merchants can avoid those hard declines that happen because a card has expired or been replaced. This directly translates to higher successful payment authorization rates – studies have shown merchants see measurable lifts in approvals by using account updater.

For example, one merchant (Postmates) saw about a 1.7% increase in successful transactions, adding roughly $60 million in annual revenue, by leveraging an updater service to prevent declines on outdated cards[36]. Beyond revenue, merchants also preserve customer relationships: a subscription or service isn't interrupted due to a payment failure, so customers don't experience service cancellation or have to be chased down to update card info[37][38].

This improves customer satisfaction and loyalty, as the payment experience remains seamless even when their card changes. Operationally, merchants save time and cost by not having to reach out to customers manually for new card details (which can be a costly and often unsuccessful process). In summary, account updater helps merchants minimize involuntary churn and maintain a steady revenue stream from recurring payments.

Issuers

Banks benefit because their card remains "top of wallet" for that customer's ongoing payments. If a card is reissued (say due to an upgrade or fraud replacement), the issuer wants the customer's subscriptions and on-file payments to seamlessly migrate to the new card – otherwise the customer might abandon those subscriptions or switch them to a competitor's card[39].

Account updater thus helps issuers retain transaction volume on their cards by smoothing out the transition when account numbers change. It also reduces customer service issues – the cardholder doesn't get unexpected service cancellations or decline alerts for recurring charges, leading to a better cardholder experience and fewer support calls.

From a portfolio management perspective, issuers can reissue cards (for example, upgrading a customer to a new product or replacing a compromised card) with less fear of disrupting that card's usage in digital wallets and merchant sites, especially since updates are also shared with the networks' token services for network tokens[40]. (In fact, Visa notes that issuers' updates feed into the Visa Token Vault as well[40], meaning network tokens and account updater work hand-in-hand to keep credentials current.)

Acquirers/Processors

Acquirers offering account updater capabilities strengthen their value proposition to merchants. It becomes a value-added service that can differentiate an acquirer or gateway – helping their merchants boost revenue and reduce declines[41]. Acquirers benefit from the higher successful transaction rates (earning processing fees on transactions that would have otherwise failed) and from deeper engagement with their merchants (as merchants rely on the acquirer to deliver these updates).

There may also be financial incentives: acquirers can charge a small fee for updater service or per update (often pass-through of network fees), generating additional service revenue. Overall, facilitating account updater solidifies the acquirer-merchant relationship as it proactively solves a pain point for merchants.

In terms of channels and availability, Visa and Mastercard have made their updater services available globally across regions (North America, Europe, Asia-Pacific, etc.), though participation can vary. Both networks support multiple integration methods: batch file submission, real-time API calls, and the newer push notification method[42][33].

For example, Visa's VAU supports batch file uploads or an API for acquirers to query in real-time, and also a push subscribe API for instant updates[42][33]. Mastercard's ABU similarly offers an API and file-based queries, as well as webhook-style push updates to merchants or processors that subscribe. It's worth noting that Visa's model historically required the acquirer to initiate updates (i.e. the "pull" approach via acquirers), whereas Mastercard's service early on emphasized that two-way push/pull flexibility[32]. In practice today, both Visa and Mastercard can support either model to some extent, but the exact offerings can depend on region and the acquirer's capabilities.

From a technical standpoint, implementing an account updater service means the merchant (or usually their payment gateway/processor) must handle the responses and update their stored cards database accordingly. Many large gateways and processors (e.g. Stripe, Adyen, etc.) have built-in account updater integrations, so a merchant may simply opt-in via their provider. In other cases, a merchant can connect to a third-party service (like Pagos or Spreedly) or directly to the network if they have that scale, to use these updater APIs[43].

There are typically fees per update record (for example, an acquirer might charge a few cents for each card number that is returned with updated info) – however, these costs are usually far outweighed by the revenue saved from recovered transactions[44][45].

In summary, account updaters ensure that "cards on file" stay current, which prevents avoidable payment failures. They do not change anything about how the transaction is processed (the merchant will ultimately process a normal card authorization with the new PAN), but they solve the information gap by routing updated card data from issuers to merchants in a secure, automated way.

Comparative Analysis: Network Tokenization vs. Account Updater

Network tokenization and account updater services serve different primary functions in the payments ecosystem, though both aim to improve transaction outcomes (through higher security or continuity). Here we compare the two across key dimensions:

Core Function

Network tokenization focuses on security and tokenized credentials – it replaces the card number with a secure token before and during the transaction process. Account updater focuses on data maintenance – providing updated card details to keep the traditional card-on-file credentials accurate. In other words, tokenization fundamentally changes what credential is being used (PAN → token), whereas account updater ensures the existing credential (PAN) is the correct, up-to-date one.

Architecture and Process

With network tokenization, a Token Service Provider (the network) sits in the payment flow, mapping tokens to PANs and validating cryptograms for each transaction[46]. The merchant or wallet must integrate to request tokens and include additional data (e.g. cryptogram) when transacting. It's an end-to-end framework affecting authorization messages and cardholder devices.

In contrast, account updater operates as a periodic lookup service outside the main transaction flow. It updates the data that the merchant will later use in a normal authorization, but it doesn't alter the format of the authorization request (which remains a standard card transaction with PAN). Account updater typically involves batch files or API calls on a schedule (or subscription events) separate from the transaction processing path[12][31][32].

Security Features

Network tokens have built-in security – token values are useless if stolen, thanks to domain controls that restrict their use to specific merchants or devices[9], and one-time cryptograms that must match the token and transaction details for approval[12]. This dramatically reduces fraud risk on tokenized transactions.

Account updater, on its own, does not add new security features to transactions (the updated PAN is still a real PAN). It does use secure channels to transmit data and avoids involving the consumer in sharing sensitive info, but once the merchant has the updated PAN, that PAN must be protected like any other card data. In short, network tokenization is a preventative security measure (mitigating fraud by design), whereas account updater is a convenience/continuity measure (focused on avoiding declines rather than preventing fraudulent use of data).

Impact on Fraud and Risk

Because of the above security measures, network tokenization significantly cuts down on fraudulent transactions in CNP environments. As noted, tokenized e-commerce transactions have been observed to suffer markedly less fraud – e.g. Visa saw 28% lower fraud rates with tokens[15]. In addition, if a merchant's database of network tokens is compromised, the tokens typically cannot be used elsewhere, greatly limiting breach damage[6].

Account updater doesn't directly reduce fraud from stolen data – if anything, by keeping cards valid longer, it could indirectly ensure that merchants aren't attempting charges on accounts that were closed due to fraud (thus avoiding unnecessary fraud alerts or chargebacks on old accounts). But fundamentally, account updater's value is not in fraud reduction but in preventing involuntary declines.

The two services can actually complement each other: a merchant using network tokens will inherently get updated credentials if the issuer updates the token mapping (life-cycle management), but for any issuer or card not tokenized, account updater can supply new details[47][48].

Impact on Authorization Rates

Both services improve authorization success, but through different mechanisms. Network tokenization improves approval rates by making transactions more issuer-friendly – the presence of a valid cryptogram and known token often increases issuer confidence, leading to fewer false declines[19]. Also, since network tokens are updated automatically upon reissuance, transactions aren't declined for expired cards, etc., which contributes to higher approval percentages[13][18].

Account updater directly prevents declines due to stale card info. By ensuring the merchant is charging the right card number/expiry, it eliminates the common "do not honor – invalid account" or expired card declines. Merchants see higher successful charge rates and revenue retention as a result[36]. However, account updater doesn't intrinsically make an authorization more likely to be approved beyond avoiding those specific error conditions.

In contrast, network tokenization can also address fraud-related declines (since issuers see lower risk), so it attacks the decline problem from multiple angles (fraud and lifecycle). Studies from the networks highlight that each can add a few percentage points to approval rates, and using both together covers more scenarios[47][49].

PCI Compliance and Data Storage

With network tokenization, merchants ideally never store actual PANs at all – they store tokens, which are not considered full cardholder data outside their domain. This significantly shrinks a merchant's PCI DSS scope and liability[20][18]. The sensitive PAN-to-token mapping is handled by the network's secure vault.

Account updater, on the other hand, assumes the merchant is storing card numbers (since it's updating them). So while account updater helps keep that stored data accurate, it does not reduce PCI scope – the merchant still holds real card data that must be protected and validated under PCI rules. In fact, merchants using account updater need to be particularly vigilant about security, because they are often storing large numbers of customer card records.

In summary, network tokenization = PAN never touches merchant database (if implemented fully), whereas account updater = PAN is stored, but kept current.

Use Cases and Scenarios

Network tokenization shines in digital-first payment use cases – mobile wallets, e-commerce, in-app payments, wearables, etc., where leveraging device-level security and replacing static card numbers yields big fraud benefits. It's also increasingly used for on-file credentials at online merchants (via token-on-file programs), and even for in-store contactless (the same technology powers Apple Pay and Google Pay tokens for NFC). Some markets mandate tokenization for stored credentials (e.g. India as mentioned), making it not just a best practice but a requirement.

Account updater is most relevant for recurring billing models and subscription services (e.g. streaming subscriptions, utility bills, gym memberships) or any merchant that saves customer card details for convenience (online retailers with one-click checkout, rideshare apps, etc.). It addresses the reality that cards have a lifecycle.

Notably, if a merchant is fully on network tokenization for all cards on file, the need for account updater diminishes for those accounts (since the network keeps the token updated). But in practice, not all issuers or cards might be tokenized, so updater services are a crucial safety net. Many merchants will employ both: use network tokens whenever possible, and still use account updater for any cases where they only have PANs or where an issuer isn't keeping the token updated[47][49].

Business Impact and Costs

From a cost perspective, account updater services often have per-update fees (either charged by networks or by processors to merchants). These fees are generally small (for example, a few cents per update, or a monthly service fee), but it is an additional cost of running a card-on-file business.

Network tokenization may involve some upfront integration effort (becoming a token requestor or working with a gateway that supports it), but networks are incentivizing adoption by lowering costs on tokenized transactions (e.g. interchange benefits)[22] and some acquirers even offering reduced processing fees due to the lower fraud risk[21].

So, while account updater directly saves revenue by preventing lost sales and might cost a bit per update, network tokenization can both save revenue (by improving approvals and reducing fraud losses) and possibly save costs through fee incentives. Both have positive ROI in different ways: account updater stops revenue leakage from declines, network tokenization stops revenue leakage from declines and fraud and can reduce fraud expense (chargebacks, etc.) as well.

The two services are not mutually exclusive; indeed, they are often complementary. Many in the industry recommend using both in tandem for an optimal outcome[50][47]. Account updater ensures you have the latest PAN when needed, and network tokenization ensures that whether it's the original or updated PAN, it's used in the most secure form possible. Until network tokens are universally accepted and every issuer and merchant is on board, account updater provides a crucial bridge to keep legacy card-on-file processes running smoothly[51]. Conversely, as tokenization coverage grows, the dependence on receiving raw PAN updates should diminish over time.

Conclusion

In summary, network tokenization and account updater services are two pivotal solutions in modern card acquiring, each addressing different challenges. Network tokenization is fundamentally about security and innovation – transforming the way card data is handled by substituting tokens that confine where and how the credential can be used, thereby slashing fraud and boosting approval rates through richer transaction data[15][17]. It also has the side benefit of automatically handling account changes via token life-cycle management, which contributes to frictionless customer experiences when cards are renewed[13].

Account updater services, by contrast, are about reliability and continuity – a behind-the-scenes utility that keeps the wheels of commerce turning by ensuring that recurring payments and saved card transactions don't stumble on outdated information[28][36]. They spare merchants and customers from the disruption of declined transactions due to card reissuance, preserving revenue and convenience.

For Visa and Mastercard, both services are central to their global strategy of improving digital payment performance. Visa and Mastercard tokens (VTS, MDES) have rapidly grown, now powering a significant share of e-commerce and mobile payments with demonstrable gains in security and approvals[16][15]. Concurrently, Visa's VAU and Mastercard's ABU continue to be invaluable for merchants to maintain up-to-date billing info, with expanded capabilities like real-time push updates to meet the needs of always-on commerce[33][32].

Rather than choosing one over the other, many organizations deploy both: network tokenization to maximize security and authorization rates, and account updater as a safety net for any scenario where a PAN must be stored or where not all issuers/token requestors are enabled[47].

As the payments industry evolves, we may see a future where network tokenization becomes ubiquitous – possibly reducing the need for separate account updater processes as tokens inherently carry updated info. Until then, leveraging the strengths of each service in tandem is the best practice.

Technical teams and payment strategists should ensure they understand how to integrate tokenization (including handling cryptograms and domain controls) and how to use account updater feeds or APIs effectively. When implemented properly, these programs lead to reduced fraud, higher authorization rates, lower compliance overhead, and improved customer retention – outcomes that benefit issuers, acquirers, merchants, and cardholders alike[15][37].

The combination of network tokens and account updaters exemplifies how the payment ecosystem is tackling both security and continuity, making digital payments safer and more seamless on a global scale.

Sources

1. Tokenization Revolution white paper 11.08.2024 v2
2. EMV® Payment Tokenisation: What, Why and How | EMVCo
3. About Network Tokenization
4. Visa Tokens eBook: Tokenization - What it is and why it matters
5. Network Tokens, What Are They Good For?
6. Network Tokenization and Account Updater – Spreedly Help Center
7. What is a credit card account updater (CAU)? | Stripe
8. Visa Account Updater Overview
9. Account Updater | How to Automatically Update Credit Card Info
10. Not One or the Other, But Both: Using Account Updater and Network Tokenization to Optimize Payments Performance | Pagos Blog

‍