- The automatic provisioning of tokens for use with the orchestration platform.
- The standalone tokenization endpoints for using the network tokens directly with the PSPs.
Before you start processing payments with network tokens, make sure you have
enabled processing with network tokens. Please contact the support team to get set up.
Automatic provisioning of network tokens
Although network tokens are agnostic tokens, not every payment service or acquirer support the usage of network tokens that were provisioned outside of their own environment. When you use the system to orchestrate your payment, the routing behavior is optimized to take into consideration the limitations of the payment services you’re connecting to. A payment service that supports externally obtained data is generally considered an open loop connection, while one that doesn’t is considered closed loop. In the orchestration platform, network tokens can be supported across any open-loop payment services. You don’t have to perform any additional integrations to use network tokens besides storing the original card data (PAN) in the vault. You can follow the regular flow of card integrations, and the original card details are automatically swapped out with the network token when possible. For each first time use of the token a cryptogram is provisioned. Subsequent merchant initiated transactions (MIT) do not need a cryptogram (these are optional), unless the transaction is done with a newly provisioned token. For example if you have migrated an already running billing sequence for a card to the systems and for these cards you’re provisioning tokens for the first time, the first transaction done with that token has a cryptogram provisioned automatically. The token and cryptogram are provisioned as “on file” and therefore the buyer does not have to be present for the provisioning of either the token or the cryptogram. The usage of network tokens has been optimized by implementing scheme best practices regarding cryptogram usage, as well as the correct payment flagging towards the payment services. Using Flow, it is possible to choose the instrument (PAN or Network token) in your routing rules, allowing you to optimize your routing behavior. For best practices and advice on routing optimizations, please reach out to the support team.Network token provisioning modes
Network token provisioning can be configured in two different modes: synchronous (default) and asynchronous. The mode you use depends on your performance requirements and tolerance for processing latency.Synchronous provisioning
In synchronous mode, the network token is created before the first transaction is processed. This ensures the token is ready for immediate use:- Initial Customer Initiated Transaction (CIT): The network token and cryptogram are created first, then the transaction is processed with the token and cryptogram.
- Subsequent CIT: The transaction is processed with the network token and cryptogram.
- Subsequent MIT: The transaction is processed with the network token only (cryptogram optional).
Asynchronous provisioning
In asynchronous mode, network token creation is deferred to a background process, allowing faster initial transaction processing. This mode is useful when network token/cryptogram generation latency would negatively impact the customer experience:- Initial CIT: The transaction is processed immediately with the PAN and CVV while the network token is created asynchronously in the background.
- Subsequent CIT: The transaction is processed with the network token and cryptogram (which were created in the background).
- Subsequent MIT: The transaction is processed with the network token only.
Asynchronous network tokenization is an opt-in feature that is currently configured per merchant by the support team. Contact support to enable asynchronous provisioning for your account if you require faster initial transaction processing.