Tokenization
Tokenization is a powerful security feature that allows a merchant to support all of their existing business processes that require card data without the risk of holding card data and without any security implications therefore protecting the customers’ confidential information.
Tokenization eliminates the risk of storing sensitive data, and substantially reduces the liability and costs associated with PCI compliance.
In this section:
note
- The terminal must be set up with the Tokenization option.
- Tokens are unique for each merchant. For example, the same card will produce a different token for each merchant.
- Tokens match the format of the initiating PAN and do not overlap major brand (Visa, MC, AMEX, and Discover) BIN ranges (first digit is 0-2 or 7-9) and share last four digits with corresponding PAN.
- Merchants with multiple terminals sharing tokenization domains will receive the same token for a unique card and the token can be used across their stores if they wish to do so.
Token Generation
Tokenization generates tokens that are linked to credit card and gift card numbers. Converge provides the following ways to generate tokens:
Within the Authorization Request
With this token generation method, you include the ssl_get_token (Generate Token Indicator) parameter in the authorization request of the following transactions:
Credit Card
- Sale
- Auth Only
- Force
- Balance Inquiry
- Batch Import
- Submit Recurring Payment
- Submit Installment Payment
Gift Card
- Activation
- Sale
- Balance Inquiry
- Reload
- Credit
EMV Card
- Chip Sale
- Swipe Sale
Refer to the Credit Card Transactions sections for more information about each transaction.
Optionally, you can include the ssl_add_token (Add to Card Manager Indicator) parameter in the authorization request to store the token in Card Manager. Card Manager enables merchants to tokenize and store the customer’s sensitive payment data and associated information on Elavon’s secure servers,which simplifies their PCI-DSS compliance and the payment process for returning customers. Note that this parameter is only applicable to credit card transactions, excluding Batch Import. For gift card transactions, use the Converge user interface.
Through a Transaction
With this token generation method, you send one of these transactions to request a token without authorization:
ccgettoken(Credit Card Generate Token)cctokenimport(Credit Card Information Batch Import)egcgettoken(Gift Card Generate Token)
Token Management
Once the tokens are stored in Card Manager, you can submit one of these credit card transactions to manage the stored tokens:
ccquerytoken(Token Query)ccupdatetoken(Token Update)ccdeletetoken(Token Delete)
Transaction Processing Using a Token
Once the token is generated for the payment card, you can submit one these transactions with the ssl_token (Card Token) parameter as a substitute for the card number:
Credit Card
- Sale
- Auth Only
- Force
- Credit
- Balance Inquiry
- Batch Import
- Add Recurring
- Add Installment
Gift Card
- Activation
- Sale
- Balance Inquiry
- Reload
- Credit
Refer to the Credit Card Transactions sections for more information about each transaction.