Tokenization
Tokenization (also known as Card On File) is a secure way to store payment account information (credit card numbers, or bank account and routing numbers) with Preczn.
The resulting token can be used in future transactions instead of sensitive payment account information.
Tokenization Use Cases
Tokenization's primary purpose is securely encoding cardholder payment data, while also making that data available for use in transactions in the form of a non-relational token.
Unlike encryption, tokenization is irreversible.
Tokenization protects cardholder information such as credit card numbers, bank account numbers, and PINs from being compromised during transactions. Implementing tokenization results in drastically reduced risks in handling payment account data, and a reduction in your platform's PCI scope.
Tokenization uses include:
- Secure payment processing: By replacing sensitive data with a unique token, tokenization can prevent fraud and unauthorized access to payment information during the transaction process. This helps to ensure that customers' payment information is kept safe and secure.
- Recurring payments: Tokenization can be used to streamline recurring payments. The token can be used to securely store payment information, so that future transactions can be processed without the need for the customer to re-enter payment details.
- Faster checkout: Tokenization can speed the checkout process by allowing customers to save their payment information securely, enabling them to complete transactions more quickly, and reducing abandoned carts.
Token Scope
Preczn supports token ownership at both the merchant and platform levels.
Merchant-level ownership means that the individual merchant has their own set of tokens that are specific to their business. Merchant scoped tokens also ensure that any issues or errors with tokenization are contained within that specific merchant rather than affecting an entire platform.
Platform-level ownership, on the other hand, means that the tokens are owned and managed by the platform, with tokens shared among all merchants. This model offers simplicity and ease of use.
Multi-Use Tokens
CVV Limitation
Card Verification Value (CVV) is not stored as part of a Multi-Use token. This omission is in compliance with Payment Card Industry (PCI) regulations, which prohibit the storage of CVV data for security reasons.
As such, ensure that your Connection/Processor's risk rules are configured to not require CVV with subsequent transactions.
The Preczn API returns multi-use tokens, when requested, along with the response of a successfully approved transaction.
- A credit card token represents a card number and expiration date.
- A token will only be generated upon an approved Sale or Auth transaction. A declined transaction will never generate a token.
- Multi-use tokens are permanent and never expire, although a token's lifespan is still subject to its card's expiration date.
- Tokens are platform-bound. The same payment account details used for transactions on different platforms will generate different tokens. The same payment account details for different merchants belonging to the same platform will return the same token.
Why Multi-Use?
Obtaining single-use tokens via the Preczn API requires your software to send sensitive payment account information to our API. This contradicts the intention of single-use tokens, and does nothing to reduce the PCI scope of your software.
If your software is already accepting payment account information and transmitting it to the Preczn API, it is preferable to obtain multi-use tokens by processing a transaction via the Preczn API.
Note that this broadens the PCI scope of your software, and comes with the inherent risk of handling sensitive data.
Multi-Use Token Request via API Integration
To request a multi-use token to be returned, append the URL query parameter ?tokenize=true to either an Auth or Sale transaction request.
If the transaction is approved, a token will be returned with the transaction response in the payment.token response field.
Use a token to process a transaction:
All tokens are used in place of payment account details when making an API request to process a transaction.
Simply set the payment.token property of the request to the token you wish to use in the transaction:
"payment": {
  "token": "tkn_5ptw6a9dd8brzz5qw2b7xqkt1"
}
See the Process Transaction endpoint for more details.
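The multi-use flow described above, sketched as client-side helpers in an added example (not Preczn's own code): add ?tokenize=true to the request URL, read payment.token from the response, and build a follow-up body that carries the token only. The extra body fields, the shape of a response without a token, and the Luhn-based scan that rejects a follow-up request containing a card-number-like value are assumptions added here, not part of the Preczn API.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PAN_RE = re.compile(r"\d{13,19}")  # card numbers are 13-19 digits

def with_tokenize(url):
    """Add tokenize=true to an Auth or Sale request URL, keeping other parameters."""
    parts = urlsplit(url)
    query = [kv for kv in parse_qsl(parts.query, True) if kv[0] != "tokenize"]
    return urlunsplit(parts._replace(query=urlencode(query + [("tokenize", "true")])))

def extract_token(response):
    """Return payment.token from a parsed response, or None if no token was issued."""
    payment = response.get("payment") if isinstance(response, dict) else None
    token = payment.get("token") if isinstance(payment, dict) else None
    return token if isinstance(token, str) and token else None

def luhn_ok(digits):
    """Luhn checksum, which valid card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def pan_like_paths(value, path=""):
    """Return paths of values in a request body that contain a card-number-like run."""
    hits = []
    if isinstance(value, dict):
        for k, v in value.items():
            hits += pan_like_paths(v, f"{path}.{k}" if path else str(k))
    elif isinstance(value, list):
        for i, v in enumerate(value):
            hits += pan_like_paths(v, f"{path}[{i}]")
    elif isinstance(value, (str, int)) and not isinstance(value, bool):
        compact = re.sub(r"[ -]", "", str(value))  # ignore common digit grouping
        if any(luhn_ok(run) for run in PAN_RE.findall(compact)):
            hits.append(path)
    return hits

def token_request_body(token, **fields):
    """Follow-up request body: payment.token only. `fields` are hypothetical extras."""
    body = {**fields, "payment": {"token": token}}
    leaks = pan_like_paths(body)
    if leaks:
        raise ValueError("card-number-like value in token request: " + ", ".join(leaks))
    return body
```

Because the CVV is never stored with a multi-use token, a follow-up body built this way carries neither card number nor CVV, which is why the processor's risk rules must not require CVV on subsequent transactions.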
Single-Use Tokens
Single-use tokens typically originate from a customer-facing user interface where the goal is to tokenize account information prior to authorizing a transaction. This prevents sensitive payment account information from being transmitted or stored by your software and servers.
The Preczn API provides single-use tokens which can be securely obtained using PaymentFields, helping to reduce the PCI scope of your software!