Customer Payment Tokens
In this article
About Payment Tokens
Payment tokens refer to a piece of data used to facilitate secure transactions without exposing sensitive financial information. These tokens act as stand-ins for actual credit card numbers or other payment credentials during transactions, offering an added layer of security by keeping the primary account details concealed. When a payment is initiated, the token is transmitted instead of the original payment details, ensuring that sensitive information remains protected from potential breaches or unauthorized access. This method enhances security in various digital payment scenarios, including online purchases, mobile payments, and contactless transactions, thereby reducing the risk of fraud and safeguarding consumers' financial data. In short, the Token is a string or number that acts as a reference to the consumers payment instrument and if known or seen, does not hold any value or security risk. Tokens historically are used to represent Credit and Debit cards but with the advent of Alternative Payment Methods (APMs) and other payment methods such as ACH, can be used to initiate a wider range of payment types. Tokens are often referred to at the Customer Level (for example to store a “card on file”) and also in the context of a transaction where a transaction level token or reference number is used to reference the transaction and would be used, for instance when refunding a transaction.
Token Scope
In the context of this article, we are discussing Customer level tokens.
Tokens are always bound to a particular Customer, Payment gateway and Connector Account, meaning if more than one Connector is installed and configured, a choice would need to be made as to which Connector Account to store the token against.
Expiry
Tokens have a expiry date and this duration depends upon the payment provider rules.
Vault
On the Payment Provider side, Tokens are often referred to as Vaults, Payment Methods, Instruments and ask you create a new Token in BC, you can see the Token on the Provider’s Portal. Exact features and functionality will depend upon the specific Payment Provider and the level of integration that MPG has carried out.
Customer Payment Tokens (List)
To view the Customer Token list, navigate to
Sales > Customers > [Customer] > Related > Customer > Payment Tokens
This will display a list of Payment Tokens for this customer.
|
Code |
A unique code given to this customer’s token. (20 characters) |
|
Description |
A description of the Token (80 characters) |
|
Blocked |
Boolean – indicates if the Token has been blocked |
|
Card Type |
For Card Tokens, this indicates the Card Brand |
|
Card Number |
For Card Tokens, this indicates the last four digits of the card. |
|
Card Holder Name |
The Account Name that would have been supplied when the Token was created |
|
Connector Type |
The Type of Payment Connector that was used to create the Token. |
|
Connector Account |
The Connector Account name that the Token is saved against. |
|
Last Updated On |
The date and time the record was last updated. |
View Token
There are several ways to view a Token. From the Tool bar – use the Manage feature or next to each record – use the three dots next to the Code.
In addition to the fields displayed on the list of Tokens, this form displays the AVS result and Billing Address.
Edit Token
The Edit Token feature allows you to edit the Code and Description to values of your choice. The Code must be unique across all tokens for this customer. If you choose a Code that already exists, you will receive a validation error preventing you from saving the record.
Token codes can be the same across different customers.
New Token
To create a new Token, select New Token from the Toolbar.
This will display the Token Registration form. This form will vary depending upon the Payment Provider / Connector that has been configured.
Available Connectors:
Creating a New Token with Fortis
Creating a New Token with Fortis
Use the scroll bar to scroll through the fields.
Typical fields are as follows:
|
Payment Info |
|
|
Card Number |
Enter the card number (typically 15 or 16 digits). The card brand logo will appear to the right of the Card Number |
|
Expiration Date |
Enter the Expiration or Expiry date of the card |
|
CVV |
Enter the 3 or 4 digit CVV number. This is optional. |
|
Name on Card |
Enter the Card or Account holder’s name |
|
Billing Info |
|
|
Address |
Enter the street or first line of the Billing Address |
|
Country |
Select Country that the card or account is registered to. |
|
The remaining fields are then context sensitive to the country |
|
|
State |
Select the State from the drop down list |
|
City |
Enter/type the City |
|
Zip code (Postal Code) |
Enter/type the Zip or Postal code |
To create a Token – tab or scroll through the fields on the form. The form includes validation. At the bottom of the form, select PAY.
Successful Token
If the Token was successful, then the form will simply close and the new Token will appear in the Customer Payment Tokens list.
Unsuccessful Token
If the Token was not created (for example it was declined), then you will receive a message on the Card Registration form, for example:
Test cards and other test data
To view a list of Test Data for Fortis, visit this link:
https://docs.fortispay.com/developers/api/test-data
Where you can obtain a test values for the Card Holders Billing Address that will simulate a transaction denial.
Address Verification (AVS)
Fortis applies Address Verification whilst creating the Token and depending on how Fortis is setup on the Cloud side, will determine if the Token creation is successful or not. You can view the result of the AVS by viewing or editing the Token.
Delete Customer Payment Tokens
From time to time, you may wish to delete your Tokens, for instance if the customer requests that you do so or the Token has expired. Tokens are not deleted on the Fortis Payment Gateway.
Viewing Tokens in the Fortis Gateway
Navigate to the Fortis Gateway (e.g. XXX.sandbox.zeamster.com/#/dashboard) and Select Account Vaults
