WL Sips is a PCI DSS compliant, secure multi-channel e-commerce payment solution. It allows you to accept and manage payment transactions taking into account the business rules related to your activity (payment on delivery, deferred payment, recurring payment, payment in instalments, etc.).
The purpose of this document is to introduce the tokenisation tool in the WL Sips solution.
Who does this document target?
What is tokenisation?
Tokenisation is the process of substituting the credit card number (PAN), considered an element of sensitive data, with an equivalent non-sensitive data (token) created by a tokeniser.
Using the token is a simple method that avoids the constraints of PCI DSS standards.
Token features under WL Sips
Each token created in WL Sips has the following features:
- The token and the PAN have the same length to minimise changes in your information system.
- The PAN is fully tokenised (no numbers remain in plain text).
- The token includes at least one letter to distinguish it from the PAN in plain text.
- The token is unique for a given card number.
- It is irreversible (the card number cannot be found from the token).
- It is free to use in your information system (you can manipulate it according to your needs).
What can you do with a token?
The token allows you to perform various actions to override and check the so-called sensitive information.
- Submit a payment using the
- Submit a 3-D Secure payment, using the
- Credit a customer with the
- Retrieve the PAN from the token using the
- Add the token to a fraud list, using the
Availability per connector
|Sips Paypage||Sips Office||Sips Office Batch||Sips In-App||Sips Walletpage|
|Payment from a token||X||V||V||V||X|
|Credit holder from a token||X||V||V||X||X|
|Add token to a fraud list||X||V||V||X||X|
How can you retrieve a token?
Through the payment response
WL Sips returns, in the response, the token of the card entered on payment:
- A card payment is made on your website, the PAN is sent to WL Sips.
- WL Sips sends the PAN to the tokenizer and returns the matching token.
- WL Sips sends the token to
you in the response (using the
- You can store the token and use it.
Through the tokenisation service
You can use the tokenisation service directly to tokenise a readable
card number, with the
- Details of the card payment made on your site are sent to WL Sips.
- You use the
pan2Tokenfunction to send the transaction details to the tokenizer.
- The tokenizer returns the matching token to you.
- You can store and use the token.
You can also retrieve the token from the
transactionReference field, using the
- You send to WL Sips, using the
transactionToTokenfunction, the details of an existing transaction (including the PAN) contained in the
- WL Sips uses the
pan2Tokenfunction to send the PAN to the tokenizer and receives the matching token in return.
- WL Sips sends the token to you in its response.
- You can store the token and use it.
Through the reports
You can retrieve the token through the Transactions report, because
the latter includes the
merchantToken field which, when tokenisation
is active, is populated with the token used for each transaction.
The following is a sample Transactions report with tokens inside:
Through Sips Office Extranet
If you have access to Sips Office Extranet, you can retrieve the token for a specific transaction by performing a search and viewing the transaction details.
The token is displayed in the payment details:
The following are the most common token use cases under WL Sips.
Would you like to offer subscription payment? Use the token when making a recurring payment:
- The PAN is entered at the initial payment due date.
- the associated token is reused for future payment due dates.
Checking the reuse of a card
You can take advantage of a token to prevent a card from being used several times in a certain context.
- You would like to offer subscription to a service with the first three months free of charge.
- However you do not want a customer to get a new three-month period free of charge if they cancel their subscription within the first three months and then buy a new subscription within the fourth month.
The steps will be as follows:
- The customer makes a standard first payment using their payment card.
- The PAN of the credit card used is "tokenised"
- You retrieve and store the token with information stating that the token was used to get the first three months free of charge.
- On subsequent payment by the customer, you will check in post-payment (using the information associated with it) if the token has already been used to get the first three months free of charge. If it has, you can cancel the transaction and the access to the offered service.
With our OneClick solution, your customers can make a purchase and pay with a single click on the WL Sips payment pages, without having to re-enter their payment details.
Having retrieved and stored the token generated during an initial "standard" payment (with PAN entry), you can reuse the token and make a OneClick payment with strong 3-D Secure authentication using the Sips Office connector.