Visa Token Service (VTS) is an innovative security feature provided by Visa. After the customer performs their first successful payment on your site, it replaces the customer’s card number stored on our system with a unique identifier called a token. When the customer returns to your site to make new purchases, the token is used in place of their sensitive payment credentials, reducing the risk of their data being compromised.
Process overview
- The customer enters their payment details into the checkout form and processes a payment.
- Trust Payments contacts Visa to tokenize the customer's card details.
- Visa contacts the customer's card issuer for approval.
- When approved, Visa returns the token to Trust Payments.
- Trust Payments stores the token securely to be used for future payments with the customer's card.
Benefits
Tokenization is based on the EMVCo payment tokenization standard and aligns with EMV1 technology (the global standard for secure payments). By participating in tokenization, processing e-commerce transactions comes with minimal risk of fraud, because the technology greatly reduces the likelihood of sensitive payment credentials being exposed. Furthermore, tokens can be limited to a specific mobile device, merchant or number of purchases (say, a limit of 5) before expiring.
Configuration
To enable VTS on your site reference, you will need to contact our Support Team and request this feature is enabled. Once enabled, tokenization will automatically be attempted for all successfully-authorised transactions processed with Visa-branded cards. This process requires no additional configuration.
- If tokenization attempt is successful, all future transactions with this card will instead be processed with the token instead of the customer’s sensitive card details.
- If tokenization attempt is unsuccessful, all future transactions with this card will be processed using the customer’s sensitive card details (as with a standard non-tokenized payment). However, we will attempt to generate a Visa Token (to tokenize the card details) on these subsequent re-authorisation requests providing they are authorised successfully.
About URL notifications for VTS
You can update URL notifications to identify transactions as processed using a token. To do this, go to the Action and add the following custom fields:
- tokenisedpayment
- tokentype
- walletdisplayname
When receiving a URL notification, transactions processed using a token can be identified when tokenisedpayment=1 and tokentype=VISATOKEN. For tokenised payments, the walletdisplayname contains the last 4 digits of the card number associated with the token.
To configure URL notifications, you will need to use the MyST Rule manager. Click here to learn more.
Processing future payments using token
Tokenised payments using VTS are processed in the same way as standard tokenised payments, by including the parenttransactionreference of the original request in the new request. Whereas conventional tokenised payments inherit the card number to process the new request, if VTS is enabled on your account, the token assigned by Visa will be inherited instead. This means you can follow the processes described in our tokenisation documentation and a Visa token will be used in place of the card number when it is available.
Using MyST to view transaction details for tokenised payments
You can quickly identify transactions processed using a token by viewing the details in MyST, by checking the value of the Tokenised payment is set to “1”. The Token source type field is used to identify the type of token used for this payment “VISATOKEN”, as shown in the example below:
Note that with tokenized payments, the Card number refers to the unique token number. The last four digits of the customer’s card number can be found under the Wallet details section, by the Wallet display name field, as shown in the following example: