About Network Tokens
Network tokenisation is a new method of securely processing transactions where tokens issued by card schemes are used to facilitate payments rather than needing to send sensitive card details in requests to our gateway.
Using network tokens in this way is inherently more secure, as it means sensitive card information is exposed to fewer parties as part of the payment process. Specific network tokens can be restricted by the issuer to exclusively work with authorised shops for a limited time, meaning that even if tokens are compromised in a breach, malicious third parties will be unable to use them to complete unauthorised transactions.
How it works
- The customer enters their card details on a payment form hosted on your website.
- Using the Visa Token Service (VTS) or Mastercard Digital Enablement Service (MDES), you create a network token that represents the customer's card details.
- Using our Webservices API, your server submits a request to our payment gateway that includes the network token supplied by the card schemes.
- Trust Payments seeks authorisation from the acquiring/issuing banks and processes the transactions.
- The network token is stored securely by Trust Payments and can be used to process future transactions without needing to re-send the customer's card details.
Network tokens (token PAN and expiry date) are obtained from the Visa Token Service (VTS) and Mastercard Digital Enablement Service (MDES) by token requestors.
Before you can process transactions with network tokens, you must first register as a network token requestor with Visa and Mastercard:
Visa Mastercard (Note: These are links to external sites)
The following documentation explains how to manually submit requests with CoF network tokens using our Webservices API and assumes you have already established procedures with Visa and Mastercard to obtain the aforementioned tokens.
If you are looking for information on how to process e-commerce payments using device network tokens from Apple Pay and Google Pay digital wallets, please refer to the following articles:
Requirements
- You must obtain the necessary PCI certification when handling sensitive cardholder data. If you are unsure, contact our Support Team for assistance.
- You must have a process in place to use the Visa Token Service (VTS) and Mastercard Digital Enablement Service (MDES) to obtain the network tokens needed to process transactions using our payment gateway.
- The use of network tokens necessitates the use of your own library. Our Python and PHP libraries do not support this functionality.
- All customer-initiated e-commerce transactions must use Strong Customer Authentication (SCA) as mandated by the PSD2 mandate. Submitting a valid network token authentication cryptogram (TAVV) by following the instructions below qualifies as SCA.
- Where a card issuer soft declines a customer-initiated authorisation including a valid TAVV, the merchant must either:
- Generate a new TAVV and retry, OR;
- Step up to authenticate the CoF network token using 3DS challenge flow. Learn more.
- In order to reduce fraud, Visa has mandated that all UK-based merchants with a Merchant Category Code (MCC) of 6012 are required to send additional fields in AUTH and ACCOUNTCHECK requests. Learn more.
Request
Example
To successfully process a request, you must follow the specification below:
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"accounttypedescription":"ECOM",
"baseamount":"1050",
"credentialsonfile":"2",
"currencyiso3a":"GBP",
"expirydate":"01/27",
"pan":"4111111111111111",
"requesttypedescriptions":["AUTH"],
"sitereference":"test_site12345",
"tavv":"insertTavvHere",
"tokenisedpayment":"1",
"tokentype":"VISATOKEN",
"walletdisplayname":"5555"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="AUTH">
<billing>
<payment>
<amount currencycode="GBP">1050</amount>
<expirydate>01/2027</expirydate>
<pan tokenised="1" tokentype="VISATOKEN">4111111111111111</pan>
<wallet>
<displayname>5555</displayname>
</wallet>
</payment>
</billing>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
<credentialsonfile>2</credentialsonfile>
<sitereference>test_site12345</sitereference>
</operation>
<threedsecure>
<tavv>insertTavvHere</tavv>
</threedsecure>
</request>
</requestblock>
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"accounttypedescription":"RECUR",
"baseamount":"1050",
"credentialsonfile":"2",
"currencyiso3a":"GBP",
"expirydate":"01/27",
"pan":"4111111111111111",
"parenttransactionreference":"12-3-4567",
"requesttypedescriptions":["AUTH"],
"sitereference":"test_site12345",
"subscriptionnumber":"2",
"subscriptiontype":"RECURRING",
"tokenisedpayment":"1",
"tokentype":"VISATOKEN",
"walletdisplayname":"5555"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="AUTH">
<billing>
<payment>
<amount currencycode="GBP">1050</amount>
<expirydate>01/2027</expirydate>
<pan tokenised="1" tokentype="VISATOKEN">4111111111111111</pan>
<wallet>
<displayname>5555</displayname>
</wallet>
</payment>
<subscription type="RECURRING">
<number>2</number>
</subscription>
</billing>
<operation>
<accounttypedescription>RECUR</accounttypedescription>
<credentialsonfile>2</credentialsonfile>
<parenttransactionreference>12-3-4567</parenttransactionreference>
<sitereference>test_site12345</sitereference>
</operation>
</request>
</requestblock>
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"accounttypedescription":"ECOM",
"baseamount":"1050",
"credentialsonfile":"2",
"currencyiso3a":"GBP",
"expirydate":"01/27",
"initiationreason": "C",
"pan":"4111111111111111",
"parenttransactionreference":"12-3-4567",
"requesttypedescriptions":["AUTH"],
"sitereference":"test_site12345",
"tokenisedpayment":"1",
"tokentype":"VISATOKEN",
"walletdisplayname":"5555"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="AUTH">
<billing>
<payment>
<amount currencycode="GBP">1050</amount>
<expirydate>01/2027</expirydate>
<pan tokenised="1" tokentype="VISATOKEN">4111111111111111</pan>
<wallet>
<displayname>5555</displayname>
</wallet>
</payment>
</billing>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
<credentialsonfile>2</credentialsonfile>
<initiationreason>C</initiationreason>
<parenttransactionreference>12-3-4567</parenttransactionreference>
<sitereference>test_site12345</sitereference>
</operation>
</request>
</requestblock>
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"accounttypedescription":"ECOM",
"baseamount":"1050",
"credentialsonfile":"2",
"currencyiso3a":"GBP",
"expirydate":"01/27",
"pan":"4111111111111111",
"parenttransactionreference":"12-3-4567",
"requesttypedescriptions":["REFUND"],
"sitereference":"test_site12345",
"tokenisedpayment":"1",
"tokentype":"VISATOKEN",
"walletdisplayname":"5555"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="REFUND">
<billing>
<payment>
<amount currencycode="GBP">1050</amount>
<expirydate>01/2027</expirydate>
<pan tokenised="1" tokentype="VISATOKEN">4111111111111111</pan>
<wallet>
<displayname>5555</displayname>
</wallet>
</payment>
</billing>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
<credentialsonfile>2</credentialsonfile>
<parenttransactionreference>12-3-4567</parenttransactionreference>
<sitereference>test_site12345</sitereference>
</operation>
</request>
</requestblock>
Replace <DOMAIN> with a supported domain. View full domain list.
Field specification
The request submitted mostly follows the same specification as a standard AUTH request, with additional relevant fields listed in the table below:
| Field | Format | Description | |
| Required | tokenisedpayment XPath: /billing/payment/pan/@tokenised |
Numeric (1) |
Defines whether the payment is being processed with a network token. Submit "1" to indicate a network tokenised payment. |
| Required | tokentype XPath: /billing/payment/pan/@tokentype |
Alphanumeric (50) |
Specify the type of token. Possible values:
MASTERCARDTOKEN is not supported with MOTO transactions.
|
| Required | walletdisplayname XPath: /billing/payment/wallet/displayname |
Alphanumeric (255) |
Submit the last four digits of the customer’s card number (e.g. “5555”). |
| Conditional | tavv XPath: /threedsecure/tavv |
Alphanumeric (56) |
The Visa VTS TAVV or Mastercard DSRP Cryptogram. For Customer-Initiated Transactions (CIT): Either tavv is required OR the EMV 3DS authentication information must be submitted instead as described in this article. For recurring transactions, Merchant-Initiated Transactions (MIT) or REFUND: Do not submit tavv. |
Response
The response returned mostly follows the same specification as a standard AUTH response, with additional considerations listed in the table below:
| Field | Format | Description | |
| Returned | tavv XPath: /threedsecure/tavv |
Alphanumeric (56) | The Visa VTS TAVV or Mastercard DSRP Cryptogram. |
| Returned | tokenisedpayment XPath: /billing/payment/pan/@tokenised |
Numeric (1) | This field is returned with value "1", indicating that the transaction was processed using a token. |
| Returned | tokentype XPath: /billing/payment/pan/@tokentype |
Alphanumeric (50) | Used to identify the type of token used for this payment (e.g. "VISATOKEN"). |
| Returned | walletdisplayname XPath: /billing/payment/wallet/displayname |
Alphanumeric (255) | This contains the walletdisplayname submitted in the request. |
Related articles
AUTH
Specification for processing AUTH requests using our Webservices API and interpreting the responses returned.
REFUND
Specification for processing REFUND requests using our Webservices API and interpreting the responses returned.
Recurring payments
Specification for processing a sequence of recurring transactions using our Webservices API.
Merchant Initiated Transactions (MIT)
Submit a request to process a transaction from previously-stored card details using our Webservices API.
Using your own MPI
The merchant plug-in (MPI) handles 3-D Secure card verification. You can use your own MPI instead of Trust Payments standard implementation by following these instructions.
