Visa Token Service

Reduce the risk of fraud by using tokens

Key Features:

  • Protects sensitive information from theft and fraud
  • Supports online, in-store, and mobile in-app purchases with flexible deployment and management options
  • Simplifies consumer purchasing experience

What is the Visa Token Service?

The Visa Token Service (VTS), a new security technology from Visa, replaces sensitive account information, such as the 16-digit primary account number, with a unique digital identifier called a token. The token allows payments to be processed without exposing actual account details that could potentially be compromised. Issuers, merchants, and wallet providers can deliver secure mobile payment applications, gain access to third-party digital payment experiences, or securely maintain cards on file in order to offer their customers safe ways to shop online and with mobile devices.

Visa Token Service provides the payment ecosystem with a flexible and scalable way to securely provision and manage digital credentials (tokens) across remote (e-Commerce and m-Commerce) and mobile contactless form factors. In order for payment tokens to provide improved protection against misuse, the token is limited to use in a specific domain, such as token requester, mobile device, merchant, transaction type, or channel. These capabilities are made available and complemented through a common set of Visa APIs.

The Token Service APIs currently available on Visa Developer provide the tokenization services needed by merchants or wallet providers who want to tokenize their card-on-file repositories and/or obtain a token for a single online purchase and then use those tokens in standard e-Commerce purchases.

How Does It Work?

Token Provisioning

A consumer enrolls their Visa account with a digital payment service provider (such as an online retailer or mobile wallet) by providing their primary account number (PAN), security code, and other account information. The digital payment service provider requests a payment token from Visa for the enrolled account. Depending on the use case, Visa may share the token request with the issuing bank. With the account issuer’s approval, Visa replaces the consumer’s PAN with the token. Visa then shares the token with the digital payment service provider for online and mobile (NFC) payment use. A payment token can be limited to a specific mobile device, e-Commerce merchant, or number of purchase transactions before expiring.

Token Use

The consumer makes a payment online, in-store, or in an application. Depending on the circumstances of the purchase, the digital payment service provider passes the token to the acquirer as part of an authorization request. The acquirer receives the token and routes it to Visa to begin processing the transaction. Visa sends the token, along with the corresponding payment card details, to the issuer for authorization. The issuer accepts or declines the transactions and sends its response back to Visa. The token and payment authorization are routed back to the merchant’s bank.

This is available as either a complete solution or as individual components that co-exist with your proprietary solutions. The Visa Token Service consists of three turnkey parts.

Token Management Tools

  • Service Enrollment: Enroll and configure your digital credit and debit products into the token service
  • Provisioning: Deliver tokens to authorized internet-connected devices and mobile applications for payment
  • Lifecycle Management: Suspend, resume, or delete tokens in the payment network and on devices
  • Active Key Management: Access security and controls, including domain restrictions
  • Card Metadata: Manage the card data and card art presented to consumers
  • Token Display Request: Display the digital card art asset
  • Reporting: Analyze and gain insights from performance metrics and operational performance

Visa Token Vault

  • Stores tokens in a secure digital vault
  • Links tokens to a cardholder’s PAN for payment processing

Visa Risk Manager

  • Places fraud and risk controls on your digital credit and debit products

Why Use It?


Minimizes the risk of fraudulent use of data if the device or account is compromised. Based on the EMVCo payment tokenization standard and aligns with EMV technology (the global standard for secure payments).



Allows issuers and processors flexibility over how to deploy and manage secure digital accounts. Can set token variables (including transaction thresholds and time limits) and identify authorized token requestors.



Provides immediate access to new and innovative digital payment platforms. Grants access to Visa Checkout and select digital wallets including Android Pay, Apple Pay, and Samsung Pay.

Who Can Use It?

  • Issuers

  • Merchants

  • Independent Developers

APIs Included

Enroll PAN

Allows a merchant or wallet provider to enroll a PAN in the token service and receive card metadata while waiting to provision a token at a later date.


Provision Token

Allows a merchant or wallet provider to request and receive a token for a given PAN or to request and receive a token using the PAN Enrollment ID obtained from a previous PAN enrollment.


Token Lifecycle Management

Manage Token Lifecycle


Get Content

Displays the digital card art assets.

Payment Data (Token and Cryptogram)-

Given token Enables a merchant or wallet provider to obtain a cryptogram for use in an e-Commerce purchase transaction with a previously-provisioned token.


Token Status Retrieval Request

Returns the status of a specific provisioned token.



Get Card Metadata

Allows a merchant or wallet provider to get the card metadata and card art.

Coming Soon

APIs that enable provisioning and use of tokens for HCE-based contactless (NFC) payments and for in-app purchases using tokens provisioned to a mobile device.