Tokenisation is the replacement of sensitive data with a unique identifier that cannot be mathematically reversed. In your environment, tokens take the place of sensitive credit card data. Typically, the token will retain the last four digits of the card as a means of accurately matching the token to the payment card owner. The remaining numbers are generated using proprietary tokenisation algorithms.
How It Works
- To make a purchase on your website, the customer will enter their payment card information into the designated payment fields on the order page. These payment fields will be hosted by CyberSource using Secure Acceptance. When the customer hits the 'submit' button, the data is immediately encrypted and transmitted directly to CyberSource for storing, processing, and token generation. The payment data never enters your environment.
- The encrypted primary account number (PAN) is decrypted when it enters CyberSource's Level 1, PCI-compliant data vault, where it is securely stored. The payment data is then passed on to the processing channel (bank) and returned to CyberSource with an accepted or denied result.
- CyberSource returns the result to you but substitutes the PAN data with a uniquely generated token. You store the token in your database of record system (such as ERP system) for future transactions or chargeback resolution on that account. Customer service representatives can easily verify customers as the custom token will retain the last four digits of the original PAN.
- Reduces PCI DSS scope
- Renders payment card data meaningless to hackers
- Provides end-to-end security
- Not mathematically reversible
- Format fits legacy payment card data fields
- Retains last four digits of original payment card data for easy customer identification
- Chargebacks and payment reconciliation handled by CyberSource
- Works with existing systems or processor
- Supports multiple payment actions and checkout model