Visa Token Service (VTS) is an innovative security feature provided by Visa. After the customer performs their first successful payment on your site, it replaces the customer’s card number stored on our system with a unique identifier called a network token. When the customer returns to your site to make new purchases, the token is used in place of their sensitive payment credentials, reducing the risk of their data being compromised.
How it works
- The customer enters their payment details into the checkout form, agrees for their card to be stored as a token for future purposes, and processes a payment.
- Providing the transaction is correctly flagged as Credentials on File, Trust Payments contacts Visa to tokenize the customer's card details.
- Visa contacts the customer's card issuer for approval.
- When approved, Visa returns the token to Trust Payments.
- Trust Payments stores the token securely to be used for future payments with the customer's card.
Benefits
By participating in tokenization, processing e-commerce transactions comes with minimal risk of fraud, because the technology greatly reduces the likelihood of sensitive payment credentials being exposed. Furthermore, tokens can be limited to a specific mobile device, merchant or number of purchases (say, a limit of 5) before expiring.
Trust Payments uses the Visa Digital Credential Update Service (VDCU) to ensure stored tokens are kept up to date and active, even if the underlying card gets replaced. This is a seamless process that is performed automatically without the need for additional configuration.
Configuration
Trust Payments will contact you when VTS has been enabled on you site reference(s). If you would like to check if VTS is already enabled on your account, please contact our Support Team.
Once enabled, to attempt tokenization on a transaction, you must flag the transaction as Credentials on File (include credentialsonfile=1 in your request). Click here to learn about Credentials on File.
Processing future transactions using token
- If tokenization attempt is successful, all future transactions with this card will instead be processed with the token instead of the customer’s sensitive card details.
- If tokenization attempt is unsuccessful, all future transactions with this card will be processed using the customer’s sensitive card details (as with a standard non-tokenized payment).
About URL notifications for VTS
You can update URL notifications to identify transactions as processed using a token. To do this, go to the Action and add the following custom fields:
- tokenisedpayment
- tokentype
- walletdisplayname
When receiving a URL notification, transactions processed using a token can be identified when tokenisedpayment=1 and tokentype=VISATOKEN. For tokenised payments, the walletdisplayname contains the last 4 digits of the card number associated with the token.
To configure URL notifications, you will need to use the MyST Rule manager. Click here to learn more.
Using MyST to view tokenised payments
You can quickly identify transactions processed using a token by viewing the details in MyST, by checking the value of the Tokenised payment is set to “1”. The Token source type field is used to identify the type of token used for this payment “VISATOKEN”, as shown in the example below:
Note that with tokenized payments, the Card number refers to the unique token number. The last four digits of the customer’s card number can be found under the Wallet details section, by the Wallet display name field, as shown in the following example:
Related articles
Recurring payments
Subsequent recurring payments using the tokenized card details can be processed using our Webservices API.
Merchant Initiated Transactions (MIT)
Submit ad-hoc requests to process a transaction from previously stored card details without cardholder interaction.
Tokenization
Learn about storing card details for use in future transactions.
