Merchants wishing to accept multiple payments from a customer’s bank card, without PCI DSS burden of requesting and retaining the card number for every transaction, have the option of submitting encrypted data (a ‘token’ or a ‘reference’) associated with the customer’s card number or previously authorised transaction via DataCash Payment and Card Tokenization solutions.
Tokenization solution enables merchants to convert Bank Card numbers into tokens either during a Bank Card authorisation (as a bi-product), or to migrate card data to DataCash in return for a unique 40 character alphanumeric token (card tokenization) or a 16 numeric digit DataCash reference number (payment tokenization).
The token or reference number can then be submitted for all subsequent payment requests, thus removing the burden of storing sensitive card data internally and reducing PCI DSS compliance requirements.
Easily integrated with any existing Merchant website, call centre or mobile app; both tokenization solutions can be used in conjunction with DataCash Fraud Prevention tools, 3-D Secure and DataCash Hosted Pages Solutions. Both methods can be added as an extension to an existing DataCash integration, without disrupting the merchant’s payments workflow.
DataCash offers two options within the Tokenization Solution, of which the key product feature differences between each are highlighted below:
|
Payment Tokenization |
Card Tokenization |
|
Payments tokenized as a bi-product of processing successful transactions |
Cards tokenized as a bi-product of processing successful transactions or via a standalone tokenization process without authorisation |
|
1. Functionality The reference can be used in place of the card number with the merchant only needing to capture the card security code (CVV) and expiry date to authorise subsequent transactions. 3-D Secure is compatible with payments initiated using reference numbers. References for subsequent payments are only obtained as a bi-product of processing successful transactions. The reference is unique to the transaction not the card number |
1. Functionality The token can be used in place of the card number with the merchant only required to capture the card security code (CVV) and expiry date to authorise subsequent transactions. 3-D Secure is compatible with payments initiated using tokens. Tokens for subsequent payments are obtained as a bi-product of transaction processing or via a standalone tokenization process during which a token is generated but no authorisation occurs, enabling Merchants to batch send card numbers for token generation. |
|
2. Pre-set Expiry Date |
2. Pre- set Expiry Date |
|
3. DataCash Reporting |
3. DataCash Reporting |
Payments Flow
Dependent on the action the Merchant wishes to take, the payment flow experienced for both solutions will differ. Possible examples are explained below:
|
1. Obtaining and storing a reference during the payment process i) Merchant submits a standard authorisation request, to the DataCash Payment Gateway. ii) DataCash processes the transaction request and communicates with the Merchant’s acquiring bank for authorisation iii) If successful, an auth code and 16 digit reference is returned in the authorisation response to the Merchant. iv) The reference may be used within a 13 month period to process a subsequent transaction. |
1. Obtaining and storing a token during the payment process i) Merchant submits a standard authorisation request to the DataCash Payment Gateway
|
|
2. Transaction using a DataCash Reference i) Although the transaction process is the same as above, instead of sending the customer’s card details to the DataCash Payment Gateway, the Merchant submits a simple XML request containing theDataCash reference numberassociated to the previous transaction, along with the other card information (security code, amount, reference etc). ii) The DataCash Payment Gateway locates the Card Number from the previous transaction and submits an authorisation request to the Merchants’ acquiring bank. iii) On receipt of a successful transaction, the authorisation code, along with a new DataCash reference number, is then passed on to the Merchant to store and use within a 13 month period. |
2. Transaction using a token i) Using a previously generated token, the merchant submits an authorisation request to the DataCash Payment Gateway including token and card expiry date. DataCash will validate the token has been generated from a previous transaction or tokenized request. |
|
3. Requesting a reference without authorising a payment References used for the purposes of an authorisation request can only be obtained as a bi-product of the transaction authorisation process.
|
3. Requesting a token without authorising a payment i) If a Merchant wishes to tokenize a card number without debiting the card, the Merchant need only submit a tokenization request containing the card number. ii) Once the tokenization request is received and has been validated by the DataCash Payment Gateway, the token is then generated, stored, and returned to the merchant to store for use within a 48 month period. Suitable for merchants wishing to clear internal systems of sensitive card numbers were these were traditionally stored.
|
The Midcounties Co-Operative is expanding its
View it here!
