Securing external systems with account token substitution

What is claimed is: 1. A method comprising: in connection with a first transaction: receiving, by a merchant computer from a user device, an account identifier; transmitting, by the merchant computer to a server computer, an authorization request message, the authorization request message including the account identifier and a merchant verification value associated with the merchant computer; receiving, by the merchant computer from the server computer, an authorization response message in response to the authorization request message, the authorization response message including a first account token representing the account identifier, a token derivation key index identifying a token derivation key associated with the merchant verification value, and an indicator indicating whether the first transaction is authorized or denied, wherein the first account token is obtained using the merchant verification value and the account identifier such that the first account token is different from a second account token associated with the account identifier generated for a different merchant computer; storing, by the merchant computer, the first account token without storing the account identifier; performing, by the merchant computer, customer analytics using the first account token in lieu of the account identifier; in connection with a second transaction: transmitting, by the merchant computer, a first message including the first account token, the merchant verification value and the token derivation key index to the server computer; receiving, by the merchant computer from the server computer in response to the first message, the account identifier associated with the first account token; transmitting, by the merchant computer, a second message including the account identifier and the merchant verification value to the server computer; and receiving, by the merchant computer from the server computer in response to the second message, a second account token having a same value as the first account token. 2. The method of claim 1 , further comprising: transmitting a registration request message to the server computer, the registration request message including one or more of a merchant name, a merchant category type, a merchant location, a contact information, and an account information; and responsive to transmitting the registration request message, receiving the merchant verification value. 3. The method of claim 1 , wherein the token derivation key index is a hidden index. 4. The method of claim 1 , wherein the account identifier is identified by the server computer using the first account token and a reverse tokenization key assigned to a merchant associated with the merchant computer, wherein the reverse tokenization key is retrieved by the server computer using the merchant verification value. 5. The method of claim 1 , further comprising: storing, by the merchant computer, the second account token without storing the account identifier. 6. The method of claim 1 , further comprising: transmitting, by the merchant computer, the first account token and the merchant verification value to a support server; and receiving, by the merchant computer from the support server, a risk score associated with the first account token. 7. A merchant computer comprising: a processor and a non-transitory computer-readable storage medium coupled to the processor, the non-transitory computer-readable storage medium comprising code that, when executed by the processor, causes the processor to perform a method comprising: in connection with a first transaction: receiving, from a user device, an account identifier; generating an authorization request message in connection with a first transaction; incorporating the account identifier and a merchant verification value associated with the merchant computer in the authorization request message; transmitting, to a server computer, the authorization request message including the account identifier and the merchant verification value associated with the merchant computer; receiving, from the server computer, an authorization response message in response to the authorization request message; determining that the authorization response message includes a first account token representing the account identifier, a token derivation key index identifying a token derivation key associated with the merchant verification value, and an indicator indicating whether the first transaction is authorized or denied, wherein the first account token is obtained based on the merchant verification value and the account identifier previously transmitted by the merchant computer; storing the first account token without storing the account identifier based on the determining; performing customer analytics using the first account token in lieu of the account identifier; in connection with a second transaction: transmitting a first message including the first account token, the merchant verification value and the token derivation key index to the server computer; receiving, from the server computer in response to the first message, the account identifier associated with the first account token; transmitting a second message including the account identifier and the merchant verification value to the server computer; and receiving, from the server computer in response to the second message, a second account token having a same value as the first account token. 8. The merchant computer of claim 7 , wherein the first account token is generated using the merchant verification value and the account identifier, and wherein the first account token is generated by applying the account identifier to an encryption or hash function using a token derivation key unique for a merchant associated with the merchant computer as a parameter. 9. The merchant computer of claim 7 , wherein the method further comprises: transmitting one or more of a merchant name, a merchant category type, a merchant location, a contact information, and an account information to the server computer. 10. The merchant computer of claim 7 , wherein the method further comprises: storing the second account token without storing the account identifier. 11. The merchant computer of claim 7 , wherein the authorization response message includes a bitmap field, and wherein a bit in the bitmap field is set by the server computer upon incorporating the first account token in the authorization response message. 12. The merchant computer of claim 7 , wherein the authorization response message includes a field tag that identifies a field in the authorization response message containing the first account token. 13. The merchant computer of claim 7 , wherein the method further comprises: transmitting, the first account token and the merchant verification value to a support server associated with a fraud scoring service that provides a fraud score for the first transaction; and receiving, from the support server, a fraud score associated with the first transaction. 14. The merchant computer of claim 13 , wherein the method further comprises: receiving, from the server computer, the merchant verification value assigned to the merchant computer prior to transmitting the account identifier and the merchant verification value to the server computer. 15. A non-transitory computer-readable medium storing instructions, that when executed by a merchant computer, cause the merchant computer to: in connection with a first transaction: receive, from a user device, an account identifier; generate an authorization request message