What is a token?

A stored card can be exchanged for a token by the card provider (for example Visa or Mastercard). This token is then linked to you as the merchant and can be used for subsequent payments without the card-holder having to provide the original card details again.

When a card is linked to a token, any updates that happen to the card (such as expiration, replacement, or suspension) will be reflected in the token.

Examples of tokenized card use cases

Below are some examples of how tokenized cards can be used in practice.

Initial storage of card details and tokenization

A customer purchases a product/service from you for x amount and opts to save their card for subsequent payments. This initial order is processed and authenticated with 3DS using the card details provided by the card-holder.

For more scenarios about saving card data for future payments please see: Saved cards

After this initial payment and authentication is successful, the card details are tokenized and the token is stored to be used on all subsequent payments.

Once the above process has completed, the following life-cycle scenarios can occur:

Expired card

N.B. If the card is due to expire, no action is required from either the card-holder or merchant.

A customer's card data is tokenized and stored for subsequent payments with you. If the original card expires during the lifetime of the agreement with you, the card issuer will replace the card with a new card and link the new card to the token.

This means that the token will now represent the new card and payments can continue between you and the card-holder.

If the card is not replaced by the issuer, the token will be deleted and the stored card will be in a cancelled state. This means that the card-holder will need to be contacted to provide new card details to continue payments.

Expired token

N.B. If the token is due to expire, no action is required from either the card-holder or merchant.

Once a card is tokenized, the token will have its own expiration date. This can potentially be a shorter life-span than that of the original card.

The issuer will notify OnPay that the token has been renewed (usually in the month of expiration), the details will be updated automatically, and payments can continue between you and the card-holder.

If the token is not renewed by the issuer, the next payment will fail and the card-holder will need to be contacted to provide new card details to continue payments.

Suspended card

A customer's card data is tokenized and stored for subsequent payments with you. If the original card is suspended by the issuer or card-holder, this will be reflected in the token.

This means that the stored card will no longer be valid for payments (suspended state) and the card-holder will need to be contacted to provide new card details to continue payments. However, an option that is available on tokenized cards is that the token can be reactivated if the suspension is lifted.

Replacement card (Lost/Stolen Card)

You have a customer who has agreed to store their card credentials with you for subsequent payments. These card credentials are tokenized and all subsequent payments are now made using the token instead of the card details.

The card-holder reports their card as lost or stolen and the original card is replaced by the issuer.

When the new card is issued, the issuer will link the new card to the token. This means that the token will now represent the new card and payments can continue between you and the card-holder without any interruptions.

If the card is not replaced, the token will be deleted by the issuer and the stored card will be in a cancelled state. This means that the card-holder will need to be contacted to provide new card details to continue payments.

Summary

Some of the features of tokenization are:

  1. The token is linked between the card-holder and you as the merchant, improving security.
  2. The token receives life-cycle updates when the underlying card expires, is suspended or is replaced.
  3. The token can be used for subsequent payments without the need for the card-holder to re-authorise.
  4. Improves continuity of subscription/recurring payments.
  5. Reduces the need for card-holder to update card details with you.
  6. Zero impact on the card-holder.

Tokenization FAQ:

  • Will all of my stored cards on file be tokenized? The majority of your stored cards will be tokenized, but in some cases where the issuer does not yet support tokenization, the card will not be tokenized.
  • How do I know if the card on file has been tokenized? Tokenized cards are identified by the tokenized card symbol next to the card type.
  • What are lifecycle updates? Lifecycle updates are updates to the token when the underlying card is replaced, expires or is suspended. Please see above use cases for more information.
  • Do I need to contact my customer when the token is about to expire? Please see above use case on expiring tokens. However, if a token is not renewed for some reason then the card-holder will need to be contacted to provide new card details. Rather than depending on the expiry date for this contact with the card-holder, we suggest checking if the expiry date has elapsed when receiving a failed payment response.
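
The failed-payment check suggested in the last FAQ answer, combined with the stored-card states from the use cases above, as an added example (not OnPay's code or API). The `StoredCard` record, the `State` and `Action` names and the month/year expiry fields are hypothetical, and the example assumes an expiry is valid through the last day of its month.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum


class State(Enum):
    # Hypothetical names for the stored-card states described in the use cases
    ACTIVE = "active"
    SUSPENDED = "suspended"
    CANCELLED = "cancelled"


class Action(Enum):
    CONTINUE = "continue"                          # no action required
    REQUEST_NEW_CARD = "request_new_card"          # contact the card-holder
    REQUEST_NEW_CARD_KEEP_TOKEN = "request_keep"   # contact, but token may be reactivated
    REVIEW_FAILURE = "review_failure"              # failure not explained by the life-cycle


@dataclass
class StoredCard:
    # Hypothetical merchant-side record of a tokenized card
    state: State
    expiry_year: int
    expiry_month: int


def expiry_elapsed(card: StoredCard, today: date) -> bool:
    # Assumption: a month/year expiry is still valid on the last day of that month
    return (today.year, today.month) > (card.expiry_year, card.expiry_month)


def next_action(card: StoredCard, payment_ok: bool, today: date) -> Action:
    if card.state is State.CANCELLED:
        # Token deleted because the card was not replaced
        return Action.REQUEST_NEW_CARD
    if card.state is State.SUSPENDED:
        # Not valid for payments now; can be reactivated if the suspension is lifted
        return Action.REQUEST_NEW_CARD_KEEP_TOKEN
    if payment_ok:
        # An approaching expiry alone needs no action: renewal is automatic
        return Action.CONTINUE
    if expiry_elapsed(card, today):
        # Payment failed and the expiry has passed: the token was not renewed
        return Action.REQUEST_NEW_CARD
    return Action.REVIEW_FAILURE
```
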