Tokens are designed to eliminate or limit the POS/PMS application’s need to store sensitive cardholder data. Tokens allow a POS/PMS to store a value other than the Primary Account Number (PAN) for a processed card to be reused.
There are three token providers supported by Fusebox: Voltage, Protegrity, and Merchant Link. Elavon has built a new Enterprise Tokenization Solution and Database which introduces Voltage as a provider. Protegrity is legacy provider that will be removed from Fusebox in the near future. Merchant Link tokens are processed through an external provider but may be used in conjunction with the other providers.
The Enterprise Token Solution allows a merchant to convert one token of type to another. New merchants will be setup to use this system for the start, while existing merchants must be re-boarded to use. Merchants POS/PMS systems must indicate the token type they are providing and the token type they request to be returned. Fusebox will return the token value along with the token type, the POS/PMS systems will store this information for use on future transactions.
General integration requirements
- Merchant POS/PMS applications will send the PAN or Track Data with the Card Account Number to be tokenized in API field 0003 in the API request message sent to Fusebox.
- Merchant POS/PMS applications must send API field 1008 with a value of “ID:” indicating a token is being requested in the request message sent to Fusebox.
- Merchant POS/PMS applications must retain the token value in API Field 0003 of the response message returned from Fusebox.
Example - Token Returned from Fusebox in API Field 003
- Merchant POS/PMS applications must provide the token value on subsequent transactions in field 0003 of their request messages sent to Fusebox. This is required for subsequent transactions either within the same transaction life cycle or to start a new transaction life cycle.
Example - Token sent to Fusebox in API field 0003
- On subsequent transactions, the token value may change in the response message from Fusebox. Merchant PMS/POS must update their token database and store this new token value (replacing the old token value) for use on future transactions.
- Merchant POS/PMS applications are advised to retain the token type provided value in API field 5027 of the response message returned from Fusebox and store this value with the associated token.
- Merchant POS/PMS applications are advised to integrate to send API fields 5026 and 5027 indicate the token format that is being provided and requested in the request message sent to Fusebox.
Fusebox Merchant Configurations for Tokenization
Protegrity Universal Token Configuration – Current Merchants
This configuration is used by existing merchants that support Protegrity Universal Tokens and process through the legacy tokenization system. This configuration is not available for new merchants. All existing merchants using Protegrity Universal Tokens will be required to the integration requirements stated in this guide and migrate to Voltage Tokens using the Enterprise Token Solution.
Voltage Token Configuration – New Merchant Implementations
This configuration is for new and existing merchants to support Voltage Tokens and process through the new Enterprise token solution. Existing merchants will need to have their boarding record updated for this configuration. Using this configuration, new merchants will only send and receive Voltage tokens. Existing merchants will send and receive Voltage tokens, and may send in their Protegrity Universal tokens already on file and replace them with Voltage tokens.
Merchant Link Token Configuration – Limited Use
This configuration is for merchants to support Merchant Link Tokens and is limited to specific merchant chain codes. New merchants will send and receive Merchant Link or Voltage tokens. Existing merchants will send and receive Merchant Link or Voltage token, and may send in their Protegrity Universal tokens already on file and replace them with Voltage or Merchant Link tokens.