/f/118211/3840x3840/da24e483db/06-straight-forward.png)
Cards tokens: A Merchant Guide to Safer Card Payments
by Sonali Purohit - Product Manager Cards at Unzer
When a customer pays with a card, not all card numbers are the same.
Behind the scenes, a transaction may use either:
- FPAN – the real card number printed on the card
- DPAN – a secure, tokenized replacement for that card number
For merchants, this difference matters. It affects:
- How exposed you are to fraud
- How much card data you handle
- Your PCI compliance scope
- What happens when cards expire or are replaced
- Even your authorization rates
Understanding FPAN and DPAN helps you make smarter decisions about how you accept and store payments.
At a Glance
Key Terms
FPAN (Funding Primary Account Number)
The actual card number issued by the bank. It directly identifies the customer’s account.
DPAN (Device or Digital Primary Account Number)
A token issued by the card network that replaces the real card number in a transaction.
Think of DPAN as a secure alias for the real card number.
FPAN vs DPAN — Quick Comparison
Aspect | FPAN | DPAN |
|---|---|---|
Is it the real card number? | Yes | No |
Used in Apple Pay / Google Pay? | No | Yes |
Fraud exposure | Higher | Lower |
PCI impact | Broader scope | Reduced exposure |
What happens if card is reissued? | Merchant must update | Often updated automatically |
Common use cases | Manual entry, MOTO, fallback | Wallets, Click to Pay, tokenized CoF |
FPAN (Funding PAN)
What is it?
FPAN is the original card number printed on the card. It is directly linked to the customer’s bank account. This is the number traditionally entered at checkout.
Where is FPAN commonly used?
You’ll typically see FPAN in:
- Manual card entry in e-commerce
- Mail Order / Telephone Order (MOTO)
- Older or legacy payment setup
- Fallback situations when tokenization is not available
What this means for merchants?
Using FPAN means you are handling the real card number.
That comes with:
- Greater sensitivity if data is compromised
- Broader PCI compliance scope
- Manual effort when cards expire or are reissued
FPAN is still necessary in some situations — but it carries more operational and fraud risk compared to tokenized credentials.
DPAN (Digital PAN / Network Token)
What is it?
DPAN is a token generated by the card networks (e.g., Visa or Mastercard). It replaces the real card number in a transaction but remains securely linked to the underlying account.
There are two common types:
- Device tokens (used in Apple Pay or Google Pay)
- Network tokens (used in e-commerce and stored card setups)
Where DPAN is commonly used?
DPAN is used in:
- Apple Pay
- Google Pay
- Click to Pay
- Network-tokenized e-commerce transactions
- Card-on-File (CoF)
- Merchant-Initiated Transactions (MIT), such as subscriptions
Why DPAN is safer?
DPAN improves security in two important ways:
1. Tokenization
The real card number is not shared with the merchant.
2. Dynamic Cryptographic Data
Each transaction includes a unique cryptographic value (cryptogram). Even if intercepted, it cannot simply be reused. This gives issuers greater confidence in the transaction — which can positively influence approval rates.
How FPAN and DPAN appear in real transactions
FPAN vs DPAN – End-to-End Transaction Flow
/f/118211/624x416/ae841de90b/fpan-vs-dpan.png)
- FPAN = real card number (higher exposure)
- DPAN = token (merchant typically processes token instead of FPAN)
- DPAN appears in wallets and in network token card-on-file
Wallet Payments (Apple Pay / Google Pay)
/f/118211/1430x1066/3cafea1d1d/wallet-dpan.png)
Wallet: DPAN is provisioned to the device and used with a dynamic cryptogram
Step 1: Provisioning (token creation)
- Customer adds a card to their wallet.
- The issuer validates it.
- The network creates a device-bound DPAN.
- The token is securely stored on the device.
Step 2: Payment (authorization
- The wallet sends DPAN + cryptogram.
- The merchant passes this through unchanged.
- The issuer authorizes the transaction.
Important: The merchant never sees the real card number.
Card-on-File & Subscriptions (Network Tokens)
/f/118211/1430x1277/ecda5655a8/card-on-file.png)
CoF: Card is tokenized once; recurring payments use DPAN and may benefit from lifecycle updates
Enrollment (first-time setup)
- Customer enters their card details.
- The card is tokenized.
- The merchant stores the DPAN instead of the FPAN.
Future payments (recurring / MIT)
- Recurring or MIT transactions use the DPAN.
- If the physical card is replaced, the token is often automatically updated.
This improves payment continuity and reduces failed recurring payments.
Merchant recommendations (general)
Recommended default approach
Use DPAN by default for:
- Wallet payments
- Click to Pay
- Network-tokenized stored cards
- Subscriptions and recurring payments
This reduces fraud exposure and improves operational efficiency.
When FPAN may still be needed
- Capturing card details for the first time
- Processing MOTO or manual entry transactions
- Token fallback is required
The goal is not to eliminate FPAN — but to minimize reliance on it where safer alternatives exist.
FAQ
Does DPAN remove PCI obligations completely?
No. PCI requirements still apply. However, tokenization reduces your exposure and may reduce scope.
What happens when a customer’s card expires or is replaced?
With network tokens, updates are often handled automatically. With FPAN, you usually need the customer to provide new details.
Can DPAN be used for refunds?
Yes. Refunds and disputes work normally because the network maps the token back to the original account.
What is the difference between a device token and a network token?
A device token is tied to a specific device (e.g., a phone). A network token is tied to a merchant and used in online or recurring payments.
Why do wallet payments (Apple Pay / Google Pay) look more secure
Wallet payments usually use DPAN + dynamic cryptographic data per transaction. This makes stolen payment data much harder to reuse and typically means the merchant does not receive the real card number.
What happens if DPAN/token is not available?
You may need a fallback (depending on your setup), such as using the FPAN or re-collecting payment details. Merchants should design flows to prefer DPAN, but handle token-unavailable scenarios gracefully.
What is a dynamic cryptogram, and how do I get it?
A dynamic cryptogram is a transaction-specific security value generated for tokenized payments (commonly in Apple Pay / Google Pay). It helps prove the payment credential is genuine and reduces the risk of replay or misuse.
How you get it:
- In wallet payments, the cryptogram is generated by the customer’s device/wallet and delivered to you as part of the wallet payment payload at checkout.
- As a merchant, you typically do not generate it yourself. Your role is to capture it and pass it through unchanged in the authorization request via your PSP/gateway (using the relevant fields your integration supports).
Key Takeaways
- FPAN is the real card number.
- DPAN is a secure tokenized replacement.
- DPAN reduces fraud risk and improves lifecycle management.
- Modern payment setups should support both — but default to DPAN wherever possible.
Glossary
Glossary | Unzer Documentation
FPAN (Funding / Primary Account Number)
FPAN is the original card number issued by the cardholder’s bank and printed on a physical or virtual card. It represents the real card account and is used directly in traditional card-present and card-not-present transactions. Because FPAN is sensitive cardholder data, its storage and processing require strong PCI DSS control.
DPAN (Device / Digital Primary Account Number)
DPAN is a tokenized surrogate card number that replaces the FPAN in tokenized and wallet-based payment transactions. It is issued by card networks (such as Visa, Mastercard, and American Express) through token service providers and is typically used together with a dynamic, per-transaction cryptogram. DPAN is primarily used in Apple Pay, Google Pay, and network-tokenized e-commerce and card-on-file payments, and is not usable outside its intended context.