The Visa Token Service (VTS), a new security technology from Visa, replaces sensitive account information, such as the 16-digit primary account number, with a unique digital identifier called a token. The token allows payments to be processed without exposing actual account details that could potentially be compromised. Issuers, merchants, and wallet providers can deliver secure mobile payment applications, gain access to third-party digital payment experiences, or securely maintain cards on file in order to offer their customers safe ways to shop online and with mobile devices.
Visa Token Service provides the payment ecosystem with a flexible and scalable way to securely provision and manage digital credentials (tokens) across remote (e-Commerce and m-Commerce) and mobile contactless form factors. In order for payment tokens to provide improved protection against misuse, the token is limited to use in a specific domain, such as token requester, mobile device, merchant, transaction type, or channel. These capabilities are made available and complemented through a common set of Visa APIs.
The Token Service APIs currently available on Visa Developer provide the tokenization services needed by merchants or wallet providers who want to tokenize their card-on-file repositories and/or obtain a token for a single online purchase and then use those tokens in standard e-Commerce purchases.
A consumer enrolls their Visa account with a digital payment service provider (such as an online retailer or mobile wallet) by providing their primary account number (PAN), security code, and other account information. The digital payment service provider requests a payment token from Visa for the enrolled account. Depending on the use case, Visa may share the token request with the issuing bank. With the account issuer’s approval, Visa replaces the consumer’s PAN with the token. Visa then shares the token with the digital payment service provider for online and mobile (NFC) payment use. A payment token can be limited to a specific mobile device, e-Commerce merchant, or number of purchase transactions before expiring.
The consumer makes a payment online, in-store, or in an application. Depending on the circumstances of the purchase, the digital payment service provider passes the token to the acquirer as part of an authorization request. The acquirer receives the token and routes it to Visa to begin processing the transaction. Visa sends the token, along with the corresponding payment card details, to the issuer for authorization. The issuer accepts or declines the transactions and sends its response back to Visa. The token and payment authorization are routed back to the merchant’s bank.
This is available as either a complete solution or as individual components that co-exist with your proprietary solutions. The Visa Token Service consists of three turnkey parts.
Token Management Tools
Visa Token Vault
Visa Risk Manager
Minimizes the risk of fraudulent use of data if the device or account is compromised. Based on the EMVCo payment tokenization standard and aligns with EMV technology (the global standard for secure payments).
Allows issuers and processors flexibility over how to deploy and manage secure digital accounts. Can set token variables (including transaction thresholds and time limits) and identify authorized token requestors.
Provides immediate access to new and innovative digital payment platforms. Grants access to Visa Checkout and select digital wallets including Android Pay, Apple Pay, and Samsung Pay.
Allows a merchant or wallet provider to enroll a PAN in the token service and receive card metadata while waiting to provision a token at a later date.
Allows a merchant or wallet provider to request and receive a token for a given PAN or to request and receive a token using the PAN Enrollment ID obtained from a previous PAN enrollment.
Manage Token Lifecycle
Displays the digital card art assets.
Given token Enables a merchant or wallet provider to obtain a cryptogram for use in an e-Commerce purchase transaction with a previously-provisioned token.
Returns the status of a specific provisioned token.
Allows a merchant or wallet provider to get the card metadata and card art.
APIs that enable provisioning and use of tokens for HCE-based contactless (NFC) payments and for in-app purchases using tokens provisioned to a mobile device.