Session Vault Tokens: Enhancing Payment Security

In this comprehensive article, we will introduce you to the 15-minute Session Vault Token—a powerful tool meticulously designed to bolster security and compliance within the realm of payment processing. Our exploration will delve into its distinct features, key advantages, and the proficient methods for its application.

📝 About Session Vault Token

The Session Vault Token serves a singular purpose—to safeguard your payment data during its transient existence. Unlike its enduring counterparts, the Session Vault Token boasts a fleeting lifespan of a mere 15 minutes or until its initial usage. The process of creating this specialized token is uncomplicated; a mere specification of the vault_type in your request suffices to set it in motion.

💡 Features of the Session Vault Token

  • 15-Minute Validity: Comparable to a self-destructing message, this token remains accessible for only a brief duration.
  • Expiration upon First Usage: As soon as it fulfills its role in a payment request, it self-erases, ensuring the utmost security in your transactions.

🛠️ Supported & Unsupported Operations

Supported Operations:

  • Charge creation: Encompassing Direct Charges, Authorization & Capture, and Verification.
  • Standalone 3DS & In-built 3DS (MPGS & Tillpayment).
  • Standalone Fraud & In-built Fraud.
  • Standalone refunds.

Unsupported Operations:

  • Creation of Customer profiles.
  • Management of subscriptions and Wallet Payments.
  • Modification of the "vault_type" after its creation.

🔑 Key Benefits

  • Ensures Compliance: The ability to transmit the "StoredOnFile: NOT_STORED" message to the gateway allows you to uphold data security standards.
  • Temporary Secure Storage: Card details are entrusted to Paydock's secure storage, with automatic deletion following 15 minutes or a financial authorization.
  • Flexibility for Merchants: Facilitating a range of functions, including 3DS verifications, fraud checks, and financial authorizations, without necessitating the prolonged retention of cardholder's sensitive information.

👨🏻‍💻 How to Use It

The creation of a new Session Vault Token is a straightforward process, conveniently executed through an API request. A request body example is provided below:

{

"card_name": "Wanda Mertz",

"card_number": "4111111111111111",

"expire_month": "09",

"expire_year": "25",

"card_ccv": "123",

"vault_type": "session"

}

Merchants possess the flexibility to generate a Session Vault Token from various sources, including credit cards, bank accounts, or one-time tokens, all without the requirement of a gateway_id. This adaptability empowers businesses to elevate their payment security without compromising the user experience.