Tokenization

Tokenization is a powerful security feature that allows a merchant to support all of their existing business processes that require card data without the risk of holding card data and without any security implications therefore protecting the customers’ confidential information.

Tokenization eliminates the risk of storing sensitive data, and substantially reduces the liability and costs associated with PCI compliance.

In this section:

note

  • The terminal must be set up with the Tokenization  option.
  • Tokens are unique for each merchant. For example, the same card will produce a different token for each merchant.
  • Tokens match the format of the initiating PAN and do not overlap major brand (Visa, MC, AMEX, and Discover) BIN ranges (first digit is 0-2 or 7-9) and share last four digits with corresponding PAN.
  • Merchants with multiple terminals sharing tokenization domains will receive the same token for a unique card and the token can be used across their stores if they wish to do so.

Token Generation

Tokenization generates tokens that are linked to credit card and gift card numbers. Converge provides the following ways to generate tokens:

Within the Authorization Request

With this token generation method, you include the ssl_get_token (Generate Token Indicator) parameter in the authorization request of the following transactions:

Credit Card

  • Sale
  • Auth Only
  • Force
  • Balance Inquiry
  • Batch Import
  • Submit Recurring Payment
  • Submit Installment Payment

Gift Card

  • Activation
  • Sale
  • Balance Inquiry
  • Reload
  • Credit

EMV Card

  • Chip Sale
  • Swipe Sale

Refer to the Credit Card Transactions sections for more information about each transaction.

Optionally, you can include the ssl_add_token (Add to Card Manager Indicator) parameter in the authorization request to store the token in Card Manager. Card Manager enables merchants to tokenize and store the customer’s sensitive payment data and associated information on Elavon’s secure servers,which simplifies their PCI-DSS compliance and the payment process for returning customers. Note that this parameter is only applicable to credit card transactions, excluding Batch Import. For gift card transactions, use the Converge user interface.

Through a Transaction

With this token generation method, you send one of these transactions to request a token without authorization:

Token Management

Once the tokens are stored in Card Manager, you can submit one of these credit card transactions to manage the stored tokens:

Transaction Processing Using a Token

Once the token is generated for the payment card, you can submit one these transactions with the ssl_token (Card Token) parameter as a substitute for the card number:

Credit Card

  • Sale
  • Auth Only
  • Force
  • Credit
  • Balance Inquiry
  • Batch Import
  • Add Recurring
  • Add Installment

Gift Card

  • Activation
  • Sale
  • Balance Inquiry
  • Reload
  • Credit

Refer to the Credit Card Transactions sections for more information about each transaction.