Scheme Tokenization
Overview
Network tokens are unique digital identifiers used to supply a tokenized value instead of the primary account number (PAN) in all parts of the payment chain. These tokens replace sensitive card data, like the account number and other details used for payment, without exposing the actual account information.
Network tokens are generated automatically and in real-time by the card schemes as customers use their cards.
A network token will never expire the same way as a payment card. When you replace cards with network tokens you will enjoy the benefit of having tokens that will always be kept valid by the payment scheme and card issuer. If the card issuer sends a completely new card to the cardholder, then the cardholder will receive the new card but does not need to do anything with any of his subscription services at merchants that utilize network tokens behind the scenes. Active tokens are kept up to date automatically if the cardholder’s bank account is active. Cardholders will in this way avoid updating services with the new card, and you will not need to delay payments, cause inconvenience to customers or lose them.
EMV's Payment Account Reference (PAR) is a non-financial reference that links each Token PAN to the Cardholder Account.
Availability
The Scheme Tokenization functionality (Network token & Payment Account Reference - PAR) can be retrieved under the token scope. This means that it can be set by Organisations with the same type of Merchant Company as for the token scope. The setup for scheme tokenization in Verifone Central will be available when a token scope is created or updated.
You will receive the network tokens and PAR only if the Token Requestor ID is provided by you. If the Token Requestor ID is provided by Verifone, then you cannot receive the network tokens and PAR.
Whenever the merchant requests for scheme tokenization to be enabled, the "Allow Network Tokenization" checkbox from the Payment Provider Contract page in Verifone Central has to be ticked. This checkbox will be shown whenever the network tokenization is supported by the acquirer/processor.
Benefits
Because network tokenization removes the need for sensitive cardholder data to enter the payments ecosystem, it significantly reduces the risk of payment card fraud and data theft. As a result, it helps decrease declines, chargebacks, and interchange fees.
Network tokens help reduce risk and improve the customer experience throughout the payments process. Further, transactions that use network tokens can potentially qualify for higher authorization rates and higher checkout conversion.
While the network token is mostly useful for payment purposes, the Payment Account Reference (PAR) is useful for analytics purposes. The PAR enables you to have a unified view of customers as the PAR value allows you to link all the purchases of a customer to one.
Workflow
To enable the Scheme Tokenization functionality is needed to have the corresponding setup in Verifone Central under the token scope.
In terms of API endpoints, there are two endpoints that will be updated so that the scheme tokenization information to be added:
- Update token details endpoint
In the “Update token details” call we have added an optional parameter scheme_token_action through which you can request to activate, suspend or delete the scheme tokenization
For the VISA cards, the merchant will have to pass in the request for the cardholder's email address as well so that the network tokens are generated. This is a mandatory field only for VISA cards.
In the “Update token details” response we have added the scheme token details:
You will receive these scheme details only if you provide the Token Requestor ID. If the Token Requestor ID is provided by Verifone, then you cannot receive the network tokens and PAR and only the Verifone tokens and the scheme_token_status are returned.
- Get Token details endpoint
We have added these scheme token details in the “Get token details” response as well.
Same as with the “Update token details”, you will receive these scheme details only if the Token Requestor ID is provided by you. If the Token Requestor ID is provided by Verifone, then you cannot receive the network tokens and PAR and only the Verifone tokens and the scheme_token_status are returned.
For the payment flow, whenever the scheme tokenization functionality is enabled, the network token is used for transaction processing instead of the PAN/DPAN. More exactly, Verifone sends to the acquirer the network token through the “PAN” field, the 3D Secure cryptogram, and the network token cryptogram. If the scheme tokenization is not supported, then the payment is done via PAN/DPAN.