Processing child transactions using Visa Token Service (VTS)

Visa Token Service (VTS) is a security feature provided by Visa that tokenizes the cards of customers.

Once enabled, you can process new AUTH requests through our Webservices API that include the tokens provided by Visa, rather than directly including sensitive card details, as described below.


Processing a transaction with a token

  You are required to authenticate all VTS tokenised payments using EMV 3-D Secure (3DS).
Click here to learn more about 3DS.

  1. A returning customer agrees to a new purchase on your site.
  2. Your system will need to submit a new AUTH request that includes the parenttransactionreference field.
  3. Before processing the payment, Trust Payments uses the parenttransactionreference to retrieve the customer’s unique token
  4. Trust Payments submits a payment request to the acquiring bank, including the customer’s token.
  5. The acquiring bank contacts Visa, who will be able to identify the customer from the token and contact their card issuer.
  6. The card issuer will either approve or decline the transaction and returns their response to Visa.
  7. Visa returns a response back to the acquiring bank and Trust Payments.
  8. Trust Payments will return an AUTH response to your system. You will need to check the contents of the response to determine whether or not the transaction was successful.
  9. Your checkout page will need to display the most relevant success / error message in the customer’s browser.


Example of AUTH request using VTS

Python PHP cURL Raw JSON Raw XML
import securetrading

stconfig = securetrading.Config()
stconfig.username = ""
stconfig.password = "Password1^"
st = securetrading.Api(stconfig)

auth = {
"sitereference": "test_site12345",
"requesttypedescriptions": ["AUTH"],
"accounttypedescription": "ECOM",
"currencyiso3a": "GBP",
"baseamount": "1050",
"orderreference": "My_Order_123",
"parenttransactionreference": "1-23-45"

strequest = securetrading.Request()
stresponse = st.process(strequest) #stresponse contains the transaction response


Field specification

  Field Format Description
X1-EN.png parenttransactionreference
XPath: /operation/parenttransactionreference
& hyphens (25)

The transactionreference of the previous successfully-authorised AUTH request, processed with a Visa-branded card, from which key details will be inherited.

  • If the parent transaction was tokenized successfully following the original authorisation, the re-authorisation will be processed using the Visa token in place of the customer’s sensitive card details.
  • If the parent transaction was not tokenized successfully following the original authorisation, the re-authorisation will be processed using the customer’s sensitive card details (as with a standard non-tokenized payment).


Handling the response

There are additional fields specific to VTS returned in the response. These are shown in the example below:

Python PHP Raw JSON Raw XML
u 'requestreference': u 'A0bxh87wt',
u 'version': u '1.00',
u 'responses': [{
u 'transactionstartedtimestamp': u '2016-12-07 11:32:44',
u 'livestatus': u '0',
u 'issuer': u 'Test Issuer',
u 'splitfinalnumber': u '1',
u 'dccenabled': u '0',
u 'settleduedate': u '2016-12-07',
u 'errorcode': u '0',
u 'orderreference': u 'My_Order_123',
u 'tid': u '27882788',
u 'merchantnumber': u '00000000',
u 'merchantcountryiso2a': u 'GB',
u 'transactionreference': u '23-9-80001',
u 'merchantname': u 'Test Merchant',
u 'paymenttypedescription': u 'VISA',
u 'baseamount': u '1050',
u 'accounttypedescription': u 'ECOM',
u 'acquirerresponsecode': u '00',
u 'requesttypedescription': u 'AUTH',
u 'securityresponsesecuritycode': u '0',
u 'currencyiso3a': u 'GBP',
u 'authcode': u 'TEST36',
u 'errormessage': u 'Ok',
u 'operatorname': u '',
u 'securityresponsepostcode': u '0',
u 'maskedpan': u '411111######0930',
u 'securityresponseaddress': u '0',
u 'issuercountryiso2a': u 'US',
u 'settlestatus': u '0',
u 'parenttransactionreference': u '1-23-45',
u 'tokenisedpayment': u '1',
u 'tokentype': u 'VISATOKEN',
u 'vaultreference': u '1-1',
u 'walletdisplayname': u '1111'


Field specification

  Field Format Description
X4-EN.png parenttransactionreference
XPath: /operation/parenttransactionreference
& hyphens (25)
The transactionreference of a previous request, from which key details have been inherited.
X4-EN.png tavv
XPath: /threedsecure/tavv
Alphanumeric & special characters (32) Token Authentication Verification Value
X4-EN.png tokenisedpayment
XPath: /billing/payment/pan/@tokenised
Numeric (1) A value of “1” indicates the transaction was processed using a token. If the transaction was processed using the card details (not the token) this field will not be returned.
X4-EN.png tokentype
XPath: /billing/payment/pan/@tokentype
Alpha (50) This should be returned with the value “VISATOKEN”, to indicate VTS was used.
X4-EN.png vaultreference
Alphanumeric & hyphens (25) This is a unique reference assigned by Trust Payments to identify the token.
X4-EN.png walletdisplayname
Numeric (4) This is information provided by the card issuer that can be displayed to the customer in order to identify the payment method. This typically includes the last 4 digits of their card number.


About notifications

Visa will periodically provide updates on tokens in scenarios where customers are issued new card numbers or expiry dates, or when tokens expire. URL notifications can be configured on your site reference(s) to be notified when this occurs. To configure these notifications, please contact our Support Team.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request