Tokenization is the process of replacing sensitive data with a reference to the data without compromising security. It seeks to minimize the amount of sensitive data that a business needs to keep on hand, improving the security of credit card and eCommerce transactions and reducing the cost and complexity of compliance with industry standards and government regulations.
By referring to tokenized data, you can reuse previously submitted sensitive data without storing it in your own systems. We issue the token and bear the responsibility for keeping cardholder data safe.
As tokenization means that you no longer have to store sensitive data in your own system, it is particularly beneficial for recurring payments, one-click payment solutions and for merchants that are not PCI-compliant. Tokenization allows you to use the GlobalCollect platform in multiple data centers concurrently.
Tokenization currently supports the following payment products:
Token Creation for Recurring Transactions
Using a Token
For a full reference of the APIs used for tokenization, please see the following reference.
How to enable this service (boarding)
We tokenize every first recurring transaction that is processed with us. A successful transaction returns a so-called ‘profileID’.
Please note that we charge service costs for the use of tokens in subsequent recurring payments.
- You cannot send self-generated Order IDs in the ORDERID key in API calls (we will generate the ORDERID); however, you can provide Order ID information in the MERCHANTORDERID key.
- To recover the Order ID for a transaction, use the GET_ORDERSTATUS API call, providing the MERCHANTORDERID and/or the MERCHANTREFERENCE keys to retrieve the status of the transaction (you can get the ORDERID from the response).
- We allow you to share tokens among multiple accounts on the GlobalCollect platform upon request.
To do so:
- You provide us with an overview of the merchant numbers and the corresponding merchant names, and request that the tokens be shared among these specific accounts.
- We link the accounts.
- We send you a confirmation that the accounts are linked and tokens can be shared.
The token will be reported in the Payment Console within the payment details of a transaction. With advanced search you can look for all transactions that were made for a specific token.
NOTE: This does not include the first transaction as this token is created after the first transaction.
In the WX file, the token appears at field position 651 for every transaction that used a token.
What part of PCI compliance does tokenization take away?
PCI compliance consists of 3 parts:
- Processing credit card transactions
- Storage of credit card details
- Transmitting credit card transactions
Tokenization takes away the 2nd requirement: storage of credit card details.
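As an added illustration (not code from this documentation or from the GlobalCollect platform), the sketch below shows a merchant-side store for recurring customers that keeps only the returned profileID and the MERCHANTORDERID, and refuses to persist any value that looks like a card number. The class name, the token format and all sample values are assumptions made for the example.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def contains_pan(value: str) -> bool:
    """Detect a likely card number anywhere inside a string field."""
    for match in PAN_CANDIDATE.finditer(value):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return True
    return False


class SubscriptionStore:
    """Hypothetical merchant-side table: token and order reference only."""

    def __init__(self):
        self._rows = {}

    def save(self, customer_id: str, profile_id: str, merchant_order_id: str):
        for field in (customer_id, profile_id, merchant_order_id):
            if contains_pan(field):
                raise ValueError("refusing to store a value that looks like a card number")
        self._rows[customer_id] = {"profileID": profile_id,
                                   "MERCHANTORDERID": merchant_order_id}

    def token_for(self, customer_id: str) -> str:
        return self._rows[customer_id]["profileID"]


# Constructed sample values; the profileID format shown here is an assumption.
store = SubscriptionStore()
store.save("cust-1001", "PROFILE-EXAMPLE-0001", "MO-2024-000042")
```

If real tokens are purely numeric, a token could occasionally pass the Luhn check, so the guard would need an allow-list for the token format in use.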
What information is stored in the Profile?
- Consumer details: Surname, Company name, First name, Prefix surname, City, Street, House number, Additional address info, Zip, State, StateCode, CountryCode (ISO 3166)
- Credit card details: Credit card number, Expiry date, Card holder name, Credit card details
- Direct Debit SEPA: Account number, IBAN, Bank code, Branch code, Bank CheckDigit, BIC, Account name, Bank name, Customer bank city
- PayPal: Billing agreement ID