Network Tokenization

This section contains information on network tokenization:

Network Token Enablement

Network token enablement is currently a manual process and requires a request to be sent to
Cybersource
support. For more information about network token enablement, visit the Support Center:
IMPORTANT
Before sending the request, you must ensure that the merchant/parent MID has been created and the
TMS
product is enabled.
Network Tokenization

Network Token Onboarding—Partner Model

This workflow shows the merchant onboarding process.
The workflow begins when the partner creates a merchant profile on the
Cybersource
platform using
TMS
templates.

Figure:

Network Token Onboarding for Partners
  1. The gateway sets up templates for TMS.
  2. partner creates merchant profile using TMS templates.
  3. The partner submits a request to
    Cybersource
    via API.
  4. Cybersource
    creates a merchant based on the API request and confirms boarding success with partner.
  5. The partner provides merchant details via email to enable network tokenization and submits email to
    Cybersource
    support.
  6. Cybersource
    verifies the request, generates the onboarding request, and sends the request to the card brand.
  7. The card brand completes the registration process and responds to
    Cybersource
    with the confirmation and token requestor ID (TRID).
  8. Cybersource
    notifies the partner that onboarding is complete.
  9. The partner completes merchant setup.
Network Tokenization

Network Token Life-Cycle Management

Life-cycle management is a key feature of credentials-on-file (COF) network tokenization. Issuers can keep COF network tokens updated as changes are made to their cardholders' accounts.
TMS
notifies you in real time when updates are made to a card represented by the COF network token in your
TMS
vault. Issuers push the life-cycle management updates either in real time or via a batch process to the card brands. Life-cycle updates and timelines will vary by issuer based on their update process. For example,
TMS
notifies you when a card becomes inactive.
There are two distinct types of life-cycle management events:
  • COF token status changes. Token statuses are:
    • ACTIVE
      : The account and network token are active and in good standing.
      When COF network tokens are active, merchants can process transactions according to their COF agreement.
    • SUSPENDED
      : This status is temporary for COF network tokens and can change to
      ACTIVE
      or
      DELETED
      . Merchants should not send authorizations on suspended tokens. However, these tokens can be re-activated by the issuer later. Suspended COF network token events are usually triggered according to cardholder instruction or flagged by the issuer for suspected fraudulent activity. When the status changes from
      SUSPENDED
      to
      ACTIVE
      or
      DELETED
      , a merchant receives a life-cycle management update.
      Merchants can proactively contact a cardholder to update the credential or have them contact the issuer to reactivate the credential.
    • DELETED
      : This is the final state for a network token. A network token can be deleted when the account is closed or on cardholder instruction.
      Merchants must request a new credential from the cardholder.
    • EXPIRED
      : This is a temporary status for COF network tokens where the token has passed its expiration date. This is not a status that results from a life-cycle management update.
      Cybersource
      does not process transactions with network tokens that have an
      EXPIRED
      status and merchants should not send transactions with network tokens that have an
      EXPIRED
      status. When the network token status is
      EXPIRED
      , there should be a life-cycle management notification to update the status of the token, or the merchant can submit a re-provision.
  • PAN updates to the COF network token:
    • NEW PAYMENT ACCOUNT NUMBER
      :  A new PAN has been provisioned for the network token.
      Merchants can retrieve the new PAN suffix (last four digits) and the new expiration date to store in their cardholder records.
    • NEW PAYMENT ACCOUNT EXPIRY
      : A new expiration date has been provided by the issuer associated with the PAN.
      Merchants can retrieve the new expiration date and store it in their cardholder records.
Network Tokenization

Network Token Life-Cycle Management Reports

You can generate reports that contain Life-Cycle Management events for Network Tokens. These reports include network token-related fields that are updated as a result of the Life-Cycle Management events sent to the
Token Management Service
.
For more information about how to generate these reports in the
Business Center
, see the
Reporting User Guide
.
For more information about how to generate these reports using the Reporting API, see the
Reporting API
.
The
Reporting User Guide
and the
Reporting Developer Guide
contain
these relevant topics:
  • Downloading Available Reports
  • Creating Custom Reports
  • Subscribing to Standard Reports
  • Fields and Descriptions for Downloadable Reports
Network Tokenization

Token Requestor IDs

A token requestor ID (TRID) is a unique identifier to allow entities such as merchants to request network tokens from token providers and is a prerequisite for enabling network tokenization.
Each entity must register with the token provider to get the TRID. Contact a
Cybersource
representative to onboard a merchant as a token requestor.

Visa and Mastercard TRIDs

An internal user can enroll a merchant as a VISA or Mastercard token requestor through the
Business Center
.
Follow these steps to enroll a merchant as a token requestor in the
Business Center
:
  1. Navigate to
    Token Management
    .
  2. Select
    Vault Management
    .
  3. Use the Vault Owner filter to search for the merchant account that has
    TMS
    enabled.
  4. Click to merchant account to view the
    TMS
    vaults that are configured for the merchant.
  5. Click
    Network Tokenization
    .
  6. Select
    Enroll to VISA/Mastercard token services
    .
  7. Enter the required information for each card type:
    Mastercard
    Business entity name
    Visa
    Merchant name
    Merchant website URL
    Merchant country code
  8. Click
    Enroll to Network Token Services
    to complete enrollment.
After enroll is submitted, the
relationshipID
and TRID is filled on the screen for VTS and TRID for Mastercard.
In order to request a TRID to the token provider,
Cybersource
uses merchant business details already stored. If any of the details are not present, a dialog form should appear prompting you to complete the missing fields.

American Express TRIDs

Enrollment as a token requestor for American Express tokens is still a manual process. Contact your
Cybersource
representative to request the TRID to American Express.
Please allow 2 to 3 days for the completion of your request.
IMPORTANT
SE Numbers
are required to process American Express card transactions.
Network Tokenization