Tokenization
What Is Tokenization?
Tokenization is the process of substituting sensitive card data with a non-sensitive equivalent called a token. The token is a reference that maps back to the original card information through a secure tokenization system, but it has no intrinsic meaning or value by itself. This prevents access to valuable card information in the event of a security breach.
By implementing tokenization, you can securely process card transactions without storing or handling raw card data in your systems, which significantly reduces your PCI DSS compliance scope and enhances data security.
How Tokenization Works
The tokenization process involves securely converting card data into a token that you can use for subsequent transactions. When you tokenize a card, the sensitive card number is replaced with a token identifier that can be safely stored and transmitted in your systems.
Card Tokenization
To tokenize card data, send a request to the Generate Token endpoint with the following details:
- card_number: The card number to be tokenized
- customer_id: Buyer identifier
The API returns a token number that you can use in place of the original card data for future transactions. This token can only be used within the GetNet payment system and cannot be reverse-engineered to obtain the original card number.
Create Payment With Token
When creating a payment with a tokenized card, include the following details in the payment request body:
- data: First level object
- payment: Second level object (inside data)
- card: Third level object (inside payment)
- number_token: Property (inside card object) that should have the value of the previously received token number
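A pre-send check for the request body described in this section, added here as an example and not taken from the GetNet documentation or SDK: it nests number_token under data, payment and card, then walks the body to flag a card_number property or any Luhn-valid card-like number in other fields. The function names, the note field, the placeholder token and the test card number are assumptions constructed for illustration.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long numeric IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def build_token_payment(number_token, **payment_fields):
    """Nest the token as the page lists: data -> payment -> card -> number_token.
    payment_fields are hypothetical extra payment properties (not from the page)."""
    return {"data": {"payment": {**payment_fields,
                                 "card": {"number_token": number_token}}}}

def find_violations(body, path=""):
    """Return paths in the body that would put raw card data on the wire."""
    found = []
    if isinstance(body, dict):
        for key, value in body.items():
            here = f"{path}.{key}" if path else key
            if key == "card_number":
                found.append(f"{here}: card_number must be excluded")
            elif key != "number_token":  # the token stands in for the PAN; not scanned
                found += find_violations(value, here)
    elif isinstance(body, list):
        for i, item in enumerate(body):
            found += find_violations(item, f"{path}[{i}]")
    elif isinstance(body, (str, int)) and not isinstance(body, bool):
        for match in PAN_RE.finditer(str(body)):
            if luhn_ok(re.sub(r"\D", "", match.group())):
                found.append(f"{path}: value looks like a raw card number")
    return found

if __name__ == "__main__":
    token = "CONSTRUCTED-TOKEN-0001"  # constructed placeholder, not a real token
    body = build_token_payment(token, note="card 4111 1111 1111 1111")  # test number
    body["data"]["payment"]["card"]["card_number"] = "4111111111111111"
    for violation in find_violations(body):
        print(violation)
```

Running the same walk over log records or stored order objects shows where raw card numbers have crept back into systems that are meant to hold only tokens.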
number_token in the request body, you must exclude the card_number property.
Regional Availability
For detailed information about tokenization availability by country, see Core Cards - Tokenization.
Benefits of Tokenization
Tokenization provides several advantages for merchants and service providers:
- Reduced PCI scope: By avoiding direct handling of card data, you minimize the systems and processes that fall under PCI DSS requirements.
- Enhanced security: Tokens have no intrinsic value outside the payment system, making them useless if intercepted or exposed.
- Simplified integration: You can store and reference tokens in your systems without the security controls required for raw card data.
- Repeat transactions: Tokenized cards enable secure recurring payments and one-click checkout experiences without re-entering card details.
Vault
The Vault feature enables the secure storage of sensitive card information, meeting the strict requirements of PCI DSS. This is essential for payment providers and companies that process card transactions as it helps protect their customers. The Vault offers several actions:
The storage process can be achieved by a single request that also supports idempotency, meaning that it produces the same result (avoiding duplicates), regardless of how many times it is made.
For more details, see the Store Card in Vault endpoint in the API specification.
customer_id (buyer identifier) in the query parameter.
For more details, see the Get Cards By Customer Id endpoint in the API specification.
card_id in the final path parameter.
For more details, see the Get Card by Id endpoint in the API specification.
See Also
- For implementation details and request parameters, refer to the Generate Token endpoint in the API specification.
- To understand compliance requirements when handling payment data, see PCI Compliance (PCI DSS).
- For a step-by-step guide on creating payments with tokens, see Create a Tokenized Payment.