Card Tokenization

Tokenization is a technique used to capture and store a customer’s secure card data without exposing the merchant to heightened PCI security requirements or increased ramifications of a potential database breach by online criminals.

Tokenization enhances the payment process for customers and merchants alike by streamlining ecommerce transactions and providing better options for automated subscription type payments and subsequent rebills.

1. Using a surrogate token, merchants can store their customers’ card details as part of a customer profile. When the customer reaches the checkout, the shopping cart can ask the customer whether they would like to use a stored card token. The token is passed in the XML or JSON request, which is sent to Payment Express in place of the customer’s card details.

2. Tokenization affords a handy solution when it is necessary to rebill a customer’s card. After a payment has been made, additional charges can be levied against the customer using the surrogate token. In situations such as a hotel with a bar fridge, the customer is free to take what they wish and the total is charged to their card after the fact.

3. Monthly subscriptions can also use tokenization. Using an automated system, the merchant can arrange for periodic charges against a customer’s card in exchange for a good or service.


Tokenization with Payment Express.

To tokenize a card, Payment Express must receive the card data as part of a transaction. Any Payment Express ecommerce, attended, or unattended solution may tokenize a customer’s card data. In many cases, this is as simple as including an XML or JSON tag in the transaction request. The request must include the tag/property ‘EnableAddBillCard’ with the associated value of ‘1’.

To tokenize a card without sending a transaction through to the bank, merchants may use the ‘Tokenize’ transaction type.

There is some associated risk with the Tokenize transaction type, as this will not verify the card data with the bank.

Generate a token.

Depending on your requirements, Payment Express issues a token in one of three formats.

DpsBillingId: The DpsBillingId is the default token returned from Payment Express when tokenizing a card. This is a 16 digit numeric value returned in the DpsBillingId tags/property.

CardNumber2 (CN2): CN2 is a 16 character numeric value that adheres to the Luhn algorithm. This makes it ideal for use in systems that validate entered card numbers. The CN2 value is derived from the card number entered; if a card is entered multiple times the same token will be returned.

BillingId: The BillingId is a merchant generated token with a maximum size of 32 alpha-numeric characters.
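
The three token formats described above, expressed as an input check a merchant system could run before storing a token or placing it in a request. This is an added example, not Payment Express code; the function names, the ASCII-only reading of "alpha-numeric" and the minimum BillingId length of one character are assumptions.

```python
import re

# Format rules come from the text above. ASCII-only matching and the
# minimum BillingId length of 1 are assumptions of this example.
_DIGITS16 = re.compile(r"[0-9]{16}")
_BILLING_ID = re.compile(r"[A-Za-z0-9]{1,32}")


def luhn_ok(digits: str) -> bool:
    """Return True if a string of ASCII digits passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_token(kind: str, value: str) -> bool:
    """Check a token against the format of its declared kind.

    DpsBillingId and CardNumber2 are both 16 digits, so the kind has to be
    stored with the token; it cannot be inferred reliably from the value.
    """
    if kind == "DpsBillingId":
        return _DIGITS16.fullmatch(value) is not None
    if kind == "CardNumber2":
        return _DIGITS16.fullmatch(value) is not None and luhn_ok(value)
    if kind == "BillingId":
        return _BILLING_ID.fullmatch(value) is not None
    raise ValueError(f"unknown token kind: {kind!r}")


# Constructed sample values (not real tokens or card numbers).
SAMPLES = [
    ("DpsBillingId", "0000010012345678"),
    ("CardNumber2", "4111111111111111"),   # common Luhn-valid test number
    ("CardNumber2", "4111111111111112"),   # last digit changed, fails Luhn
    ("BillingId", "CUST-0042"),            # hyphen is not alphanumeric
    ("BillingId", "Cust0042Monthly"),
]

if __name__ == "__main__":
    for kind, value in SAMPLES:
        print(f"{kind:13} {value:18} {validate_token(kind, value)}")
```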

Batch processing.

Batch processing enables merchants to tokenize many cards at once. The batch processor tool accepts card data entered in a CSV format and in exchange will return the token representation of each card.

Rebilling with Payment Express.

All tokens generated via a Payment Express user are shared at the group level. This means you can tokenize a card with your in-store EFTPOS terminal and rebill the same card using web services.

To utilize the card in a subsequent ecommerce transaction, the generated token must be included in the transaction request.