- Getting Started
- Tutorials
- Reference
- API Reference
- Basic Payment
- Forex
- Authentication
- Card Account
- Apple Pay
- Virtual Account
- Bank Account
- Token Account
- Customer
- Billing Address
- Merchant Billing Address
- Shipping Address
- Merchant Shipping Address
- Corporate
- Recipient
- Merchant
- Marketplace & Cart
- Airline
- Lodging
- Passenger
- Tokenization
- Recurring Migration
- 3D Secure
- Custom Parameters
- Async Payments
- Webhook notifications
- Job
- Risk
- Point of Sale
- Response Parameters
- Card On File
- Chargeback
- Transaction Workflows
- Result Codes
- Brands Reference
- Regression Testing
- Data Retention Policy
- API Reference
- FAQ
- Imprint
Tokenization
Last updated:April 11th, 2024
Merchants around the world are navigating the universe of tokens and tokenization. When used properly, tokenization for merchants serves a dual use:
- it can be used to protect sensitive card data
- it can serve as an enabler for omnichannel (eCommerce and in-store)
But before deploying tokens, it is important to understand what they are and how they work.
Definition
Tokens:
- replace sensitive data such as a cardholder’s primary account number, in a secure token vault.
- ensure that sensitive customer data is no longer stored in the merchant’s environment. This relieves the merchant from the burden of being PCI compliant which means less obligations and costs. In the event of a breach, sensitive data will not be exposed, and consumer's trust will ultimately be maintained.
Format
Tokens can be:
- Non-card format preserving. The token format is not the same as the sensitive information it is replacing. For instance, a Registration Token is transposed into an universal unique identifier (UUID) in a random alphanumeric format.
- Card format preserving. The token maintains the same format as the original PAN (Primary Account Number), but the values are randomly changed. For instance, an Omni Token keeps first 6 digits (BIN or Bank Identification Number) and last 4 digits similar to the original card number. This helps merchants offering loyalty programs based on a format preserving token. This helps merchants to still use the bin for dispatching to the proper merchant account or use last 4 digits to show the tokenized cards within the one-click checkout payment widget.
Types
There are several distinct types of tokens we support in payments, and it is important to understand the differences.
eCommerce only
Registration Tokenization is both card and non-card tokenization solution offered by VR pay Internet Gateway to replace Primary Account Numbers (PANs) or/and other (non-)card details with a generated Registration Token.
Registration Tokens
- They are generated by the platform for a merchant operating eCommerce business.
- They should be stored by the merchant to initiate payments.
- They can trigger the creation of a Network Token where the card scheme provisions the token and Issuer participates in the token approval process.