Token Management Service Onboarding
Token Management Service
OnboardingThis section contains information necessary to onboard merchants and
TMS
vault
management:
Merchant ID Hierarchy
The
Business Center
is an online portal provisioned to partners and end merchants. This portal can be used to onboard merchants, view transactional activity and generate and download reports among other things.
There are two environments associated with the
Business Center
. Each has its own corresponding URL in order to gain access to the
Business Center
for the relevant environment:
Test
:
https://businesscentertest.cybersource.com
Production
:
https://businesscenter.cybersource.com
In order to gain access to
Business Center
partners/merchants must be provisioned with an Organization ID, otherwise known as a merchant ID (MID). There are multiple types of MIDs:
-
Portfolio: typically a MID that provisioned to partners. Allows partners to onboard merchants into in either a test or production environment.
-
Merchant: This is a parent MID that can house multiple transactional MIDs. This will be directly associated with the end merchant and will be created by the partner under the portfolio MID. This MID will be attached to specific functionality such as the token vault (Token Management Servicevault).
-
Transactional: This is a child MID. Each partner’s end merchant may have multiple transactional MIDs. The transactional MID is typically used for processing intoToken Management Service, for example, to provision a network token via theToken Management ServiceAPI. This will be directly associated with the partners end merchant and will be created by the partner under the portfolio MID.
Merchant ID Registration
A
Cybersource
MID is a unique value within
Cybersource
that you define during account registration. Your MID identifies your merchant account and payment configuration within
Cybersource
systems. You provide this identifier when you sign in to the
Business Center
and submit transactions to
Cybersource
.
Multiple MIDs can be configured for various token types. You receive the instrument identifier token regardless of your account’s token type. Reasons for multiple MIDs include:
-
You have multiple processors.
-
Point-of-sale terminals have unique MIDs, which are usually configured for the PAN-only instrument identifier token.
When you have multiple MIDs, you can set up one token vault to which all of your MIDs have access or set up multiple vaults to limit access to tokens. See Token Vault Management for more information on setting up and managing your token vault.
Create an Evaluation Account
To create an evaluation account, visit the
Business Center
Evaluation Account Sign-Up page.
To complete the registration process, follow the email instructions that you received to activate your merchant account, and log in to the
Business Center
.
Send your
merchantID
to
TMS
representative supporting you with integration to create a vault and enable
Token Management Service
with network tokens.
Portfolio MIDs for Partners
Partners will need to onboard merchants using a portfolio MID. To create a portfolio MID, contact
Cybersource
support. For information about creating a portfolio MID, visit the Support Center:
Customer support will respond with a questionnaire. The below information will need to be completed:
-
Organization ID: Portfolio MID name
-
Environment: Test and Production
-
Business information: The business name and address
-
Business contact: The contact that receives an email registration link to gain access toBusiness Centerthrough the portfolio MID.
-
Technical contact: The contact that receives automatically generated notifications, such as product updates, as well as non-urgent notifications.
-
Emergency contact: The contact that receives urgent messages such as service outage notifications
-
Merchant notifications: This will send a welcome email to the business contact associated with the end merchant.
-
Processing information: Not applicable.
-
Product information:TMSonly
-
Customer Support: Not applicable.
-
Branding: Not applicable.
Token Vault Management
Token vaults are where merchants store their customer and payment data. A
Business Center
internal user can enable the
TMS
vault.
Vaults are assigned to an owner, and all data within the vault belongs to the owner. You can grant permission to individual MIDs to create, retrieve, update, and delete tokens within a vault. Created tokens belong to the owner of the vault, not the creator of the token. If you remove a MID from a vault, it can no longer access any tokens within that vault, including tokens created under that MID.
IMPORTANT
It is not currently possible to merge vaults, so ensure that merchants are set up with the correct vault by creating a new vault or granting access to an existing vault.
Message-Level Encryption Keys
When events contain personally identifiable information, such as payment information, the notifications are sent using message-level encryption. Before you can send requests for
Cybersource
services using message-level encryption (MLE), you must go to the
Business Center
and create an MLE security key for your
Cybersource
merchant account.
MLE keys expire after 3 years.
Security keys can be used to make any request, including payments. Treat your security keys as you would any secure password.
You must use separate keys for the test and production environments.
To create an MLE key, see Creating a Message-Level Encryption Key.