Card Tokenisation

Tokenisation is a technique used to capture and store a customer’s secure card data without exposing the merchant to heightened PCI security requirements or the increased ramifications of a potential database breach by online criminals.

Tokenisation enhances the payment process for customers and merchants alike by streamlining eCommerce transactions and providing better options for automated subscription type payments and subsequent rebills.

1. Using a surrogate token, merchants can store their customers’ card details as part of a customer profile. When the customer reaches the checkout, the shopping cart can ask the customer whether they would like to use a stored card token. The token is passed into the XML, which is sent to Payment Express in place of the customer’s card details.

2. Tokenisation affords a handy solution when it is necessary to rebill a customer’s card. After a payment has been made, additional charges can be levied against the customer using the surrogate token. In situations such as a hotel with a bar fridge, the customer is free to take what they wish and the total is charged to their card after the fact.

3. Monthly subscriptions can also use tokenisation. Using an automated system, the merchant can arrange for periodic charges against a customer’s card in exchange for a good or service.

Tokenisation

The setup phase consists of saving a card with Payment Express with a transaction using one of our eCommerce APIs. The transaction can be a Purchase, Validate or Auth transaction type. The transaction can be an online $0.00 or $1.00 Validate, which will only process a non-financial (zero dollar or no hold) transaction that is used to check that the card and the cardholder’s account are valid. If the processing bank or acquirer does not support Validate, then the Validate transaction request will be converted to an Auth transaction automatically.

Alternatively, a $1.00 Auth transaction type request will determine that the card is valid and not on hot or stolen card lists, but depending on the processing bank or acquirer the transaction may incur a temporary financial hold of the transaction amount.

The Purchase transaction type is used if the card is to be charged with an amount and tokenised at the same time.

To add a card for future rebilling, send a transaction request including the following properties:

  • EnableAddBillCard (set to 1 when adding a card)
  • RecurringMode (required)
  • In the RecurringMode request field, please set one of the card storage reason strings listed below:

    When tokenising the card, please set one of the following:

    RecurringMode | Usage explanation
    credentialonfileinitial | Cardholder will save their card, and for future orders the cardholder selects to reuse the saved card for the one-off payment.
    unscheduledcredentialonfileinitial | Cardholder will save their card, and for future orders based on an event (such as topup) the merchant will reuse the saved card on behalf of the cardholder for the one-off payment.
    recurringinitial | Cardholder will save their card and the merchant will reuse the saved card on behalf of the cardholder for the subscribed recurring payments.
    installmentinitial | Cardholder will save their card and the merchant will reuse the saved card on behalf of the cardholder for the installment payments.

    Example Tokenising fields to save a card

    Please discuss your tokenisation use cases with our Implementation and Sales team if you are unsure. The RecurringMode string value should be set based on the merchant’s use or business case for tokenising.

    Card Token Types

    Depending on your requirements, Payment Express issues a token in one of three formats.

    Card Token | Description
    DpsBillingId | The DpsBillingId is the default token returned from Payment Express when tokenising a card. This is a 16 digit numeric value returned in the DpsBillingId tags/property. This is also known as cardId.
    CardNumber2 | CN2 is a 16 character numeric value that adheres to the Luhn algorithm. This makes it ideal for use in systems that validate entered card numbers. The CN2 value is derived from the card number entered; if a card is entered multiple times the same token will be returned.
    BillingId | The BillingId is a merchant generated token with a maximum size of 32 alpha-numeric characters.

    Rebilling

    All card tokens generated via a Payment Express API or Payline user are shared at the group level; this means you can tokenise a card with your in-store EFTPOS terminal and rebill the same card using one of our eCommerce APIs.

    To utilize the card in a subsequent eCommerce transaction, the generated card token must be included in the transaction request.

    When rebilling the card with a token, please set the following:

  • Card Token (DpsBillingId or CardNumber2 or BillingId)
  • RecurringMode (required)
  • In the RecurringMode request field, please set one of the card storage reason strings listed below:

    RecurringMode | Usage explanation
    credentialonfile | Cardholder selects their saved card to make the one-off rebill payment.
    unscheduledcredentialonfile | Merchant initiated and event driven one-off rebilling with stored card (e.g. auto topups).
    installment | Merchant initiated rebilling payments in installments with a stored card token.
    incremental | Merchant initiated incremented transaction amount to rebill, e.g. hospitality or rentals.
    recurring | Merchant initiated recurring transaction with a stored card token (e.g. subscriptions).
    recurringnoexpiry | Merchant initiated recurring transaction with a stored card token where no card expiry check needs to occur (e.g. subscriptions).
    resubmission | Merchant resubmits a rebill with the token where it requested an authorisation but may have received a decline due to insufficient funds and the order has already been delivered to the cardholder. Used with the token to get an outstanding payment from the cardholder.
    reauthorisation | Merchant initiated when the completion or conclusion of the original order or service extends beyond the authorisation validity. Common for retail (split or delayed shipments) and hospitality or rental services scenarios.
    delayedcharges | Merchant initiated to process an additional account rebill charge after the original order and payment have already been processed and fulfilled.
    noshow | Merchant initiated to charge the cardholder a penalty relevant to the merchant’s cancellation policy. Common for guaranteed reservations scenarios (e.g. Hospitality).

    Example Token Rebilling fields

    Once the rebill request is received, Payment Express processes the token with the associated credit card number and expiry date stored in the Setup Phase, and a purchase transaction is formatted and processed with the card acquirer. Once the acquirer has processed the transaction, the transaction response is sent back.

    Please discuss your rebilling use cases with our Implementation and Sales team if you are unsure. The RecurringMode string value should be set based on the merchant’s use or business case for rebilling the card.
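
An added example, not Payment Express code: a pre-flight check that a merchant integration could run on the fields described in the setup and rebilling sections above before building the request. Field names, RecurringMode strings and token formats are taken from this page; the function names, the dict-based request shape and the rule that a rebill carries exactly one token are assumptions of this example.

```python
import re

# RecurringMode values copied from the two tables on this page.
SETUP_MODES = {"credentialonfileinitial", "unscheduledcredentialonfileinitial",
               "recurringinitial", "installmentinitial"}
REBILL_MODES = {"credentialonfile", "unscheduledcredentialonfile", "installment",
                "incremental", "recurring", "recurringnoexpiry", "resubmission",
                "reauthorisation", "delayedcharges", "noshow"}
TOKEN_FIELDS = ("DpsBillingId", "CardNumber2", "BillingId")


def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def token_ok(field: str, value: str) -> bool:
    """Format rules as stated in the Card Token Types table."""
    if field == "DpsBillingId":
        return re.fullmatch(r"[0-9]{16}", value) is not None
    if field == "CardNumber2":
        return re.fullmatch(r"[0-9]{16}", value) is not None and luhn_ok(value)
    if field == "BillingId":
        return re.fullmatch(r"[A-Za-z0-9]{1,32}", value) is not None
    return False


def check_request(fields: dict, phase: str) -> list:
    """Return a list of problems; an empty list means the fields are consistent."""
    problems = []
    mode = fields.get("RecurringMode")
    allowed = SETUP_MODES if phase == "setup" else REBILL_MODES
    if mode not in allowed:
        problems.append(f"RecurringMode {mode!r} is not valid for {phase}")
    tokens = [f for f in TOKEN_FIELDS if fields.get(f)]
    if phase == "setup":
        if str(fields.get("EnableAddBillCard")) != "1":
            problems.append("EnableAddBillCard must be 1 when adding a card")
    elif len(tokens) != 1:
        # Assumption: the "or" in the rebill list is read as exactly one token.
        problems.append("rebill needs exactly one card token")
    problems += [f"{f} is malformed" for f in tokens if not token_ok(f, fields[f])]
    return problems
```

A CardNumber2 token passes the same Luhn check that card numbers pass, so a format check alone cannot tell the two apart; treat the field a value arrives in, not its shape, as the source of truth.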