Tokenisation and Vault
Tokenisation substitutes sensitive customer data with a series of algorithmically generated numbers and letters called tokens. Credit card numbers (PAN) and account numbers transform into a non-sensitive and irreversible ID with no connection or value outside your account. Therefore, tokenisation is an effective way to ensure payment data is protected from criminal attempts like payment fraud, cyber attacks, or data breaches, as it's processed digitally.
Here's how tokenization works:
- The customer initiates a transaction and enters sensitive card information at checkout.
- Credit card details go to the acquiring bank, i.e. merchant bank, in the form of a token.
- The acquirer sends the token to the credit card network (i.e. VISA, Diners) to request authorisation.
- Once authorised, the customer's data is stored in the bank's virtual Vault. Then, the token gets matched to the customer's account number.
- A unique token is returned to the merchant for one-time and recurring payments.
The Vault is a PCI-DSS Level 1 storage facility for sensitive payment data such as card numbers. It's encrypted using the latest technology and compliant with the highest level of security for payment industry standards. As a result, our Vault allows Companies to absolve their business of significant compliance obligations without losing control of Customer payment data.
The Vault can sit on top of other third-party payment Vaults or operate independently. Hence, the flexibility to easily migrate tokens without the complexity of working with various Payment Services to achieve this objective.
The Vault also allows you to easily update payment data, such as card expiry dates, at a central location without disrupting payments.
The Vault will enable you to create customers described below or store payment details for one-off Transactions. You can also associate Vault tokens with specified Payment Sources. This gives you ultimate flexibility and security over how and when you Charge your Customers.
Tokens and Customers
Tokens are created within the Vault whenever you create a new Customer. The raw financial data is securely stored within a controlled and compliant environment and replaced in your Dashboard with an encrypted Token, which can only be used in conjunction with your unique API Secret Key. The token is a seemingly random, encrypted combination of numbers and letters accessible from your Dashboard.
By using Vault Tokens to store a Customer's card or Bank Account details, you can securely reCharge these payment methods in the future. In addition, our API suite allows us to associate specific Vault tokens with other parameters, such as a Customer or a specified Payment Service Provider. This will enable you to strengthen your business relationships with Payment Service Providers and improve reporting accuracy.
Associate Tokens with Payment Sources or Customers
Associating a newly created Token with a Customer or a Payment Service Provider will help report and track the activity on your account. If you skip this initial step, the possibility to opt-in later via the API exists. Tokenising Payment Methods happens seamlessly. However, if you intend to interact with these tokens once they are created, it's helpful to understand that any subscription running on old payment sources should be updated to the new Payment Source. Please refer to the User Guide for Subscriptions for more detail. In addition, a new Payment Source will be assigned automatically as the customer's default payment source. Again, please look at the User Guide for Customers to learn how to change a default Payment Source.
To associate a Vault Token with a customer, feel free to refer to this guide. To update the customer's payment source, these instructions will be helpful.