Introduction
Worldline Sips is a PCI DSS compliant, secure multi-channel e-commerce payment solution. It allows you to accept and manage payment transactions taking into account the business rules related to your activity (payment on delivery, deferred payment, recurring payment, payment in instalments, etc.).
The purpose of this document is to introduce the tokenisation tool in the Worldline Sips solution.
Who does this document target?
This document is intended for merchants and their technical teams wishing to implement tokenisation on their e-commerce website.
To get an overview of the Worldline Sips solution, we advise you to consult the following documents:
What is tokenisation?
Tokenisation is the process of substituting the credit card number (PAN), which is considered sensitive data, with an equivalent non-sensitive value (token) created by a tokeniser.
Using the token is a simple method that avoids the constraints of PCI DSS standards.
Functional diagram
Token features under Worldline Sips
Each token created in Worldline Sips has the following features:
- The token and the PAN have the same length to minimise changes in your information system.
- The PAN is fully tokenised (no numbers remain in plain text).
- The token includes at least one letter to distinguish it from the PAN in plain text.
- The token is unique for a given card number.
- It is irreversible (the card number cannot be found from the token).
- It is free to use in your information system (you can manipulate it according to your needs).
What can you do with a token?
The token allows you to perform various actions to override and check the so-called sensitive information.
You can:
- Submit a payment using the cardOrder function.
- Submit a 3-D Secure payment, using the cardCheckEnrollment feature.
- Credit a customer with the creditHolder function.
- Retrieve the PAN from the token using the token2pan function.
- Add the token to a fraud list, using the addToFraudList function.
Availability per connector
Feature | Sips Paypage | Sips Office | Sips Office Batch | Sips In-App | Sips Walletpage |
---|---|---|---|---|---|
Return token | V | V | X | V | X |
PAN tokenisation | X | V | V | X | X |
Transaction tokenisation | X | V | V | X | X |
Detokenisation | X | V | X | X | X |
Payment from a token | X | V | V | V | X |
Credit holder from a token | X | V | V | X | X |
Add token to a fraud list | X | V | V | X | X |
How can you retrieve a token?
Through the payment response
Worldline Sips returns, in the response, the token of the card entered on payment:
- A card payment is made on your website and the PAN is sent to Worldline Sips.
- Worldline Sips sends the PAN to the tokeniser and returns the matching token.
- Worldline Sips sends the token to you in the response (using the tokenPan field).
- You can store the token and use it.
Through the tokenisation service
You can use the tokenisation service directly to tokenise a readable card number, with the pan2Token function:
- Details of the card payment made on your site are sent to Worldline Sips.
- You use the pan2Token function to send the transaction details to the tokeniser.
- The tokeniser returns the matching token to you.
- You can store and use the token.
You can also retrieve the token from the transactionReference field, using the transactionToToken function:
- You send to Worldline Sips, using the transactionToToken function, the details of an existing transaction (including the PAN) contained in the transactionReference field.
- Worldline Sips uses the pan2Token function to send the PAN to the tokeniser and receives the matching token in return.
- Worldline Sips sends the token to you in its response.
- You can store the token and use it.
Through the reports
You can retrieve the token through the Transactions report, because the latter includes the merchantToken field which, when tokenisation is active, is populated with the token used for each transaction.
The following is a sample Transactions report with tokens inside:
Through Sips Office Extranet
If you have access to Sips Office Extranet, you can retrieve the token for a specific transaction by performing a search and viewing the transaction details.
The token is displayed in the payment details:
Use cases
The following are the most common token use cases under Worldline Sips.
Subscription
Would you like to offer subscription payment? Use the token when making a recurring payment:
- The PAN is entered at the initial payment due date.
- The associated token is reused for future payment due dates.
Checking the reuse of a card
You can take advantage of a token to prevent a card from being used several times in a certain context.
For example:
- You would like to offer subscription to a service with the first three months free of charge.
- However, you do not want a customer to get a new three-month period free of charge if they cancel their subscription within the first three months and then buy a new subscription within the fourth month.
The steps will be as follows:
- The customer makes a standard first payment using their payment card.
- The PAN of the credit card used is "tokenised".
- You retrieve and store the token with information stating that the token was used to get the first three months free of charge.
- On subsequent payment by the customer, you will check in post-payment (using the information associated with it) if the token has already been used to get the first three months free of charge. If it has, you can cancel the transaction and the access to the offered service.
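The post-payment check described in these steps, combined with the token features listed earlier (same length as the PAN, at least one letter), can be sketched on the merchant side as follows. This is an added example, not Worldline Sips code: `TrialLedger`, `classify`, the alphanumeric token alphabet, the 12-19 length range and the sample values are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Assumption: tokens are alphanumeric. The page only states "same length as
# the PAN" and "at least one letter"; 12-19 is an assumed PAN length range.
TOKEN_RE = re.compile(r"^(?=.*[A-Za-z])[A-Za-z0-9]{12,19}$")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(value: str) -> str:
    """Return 'token', 'pan' or 'invalid' for a card field value."""
    if value.isascii() and value.isdigit() and 12 <= len(value) <= 19:
        return "pan" if luhn_valid(value) else "invalid"
    return "token" if TOKEN_RE.match(value) else "invalid"


@dataclass
class TrialLedger:
    """Hypothetical store: token -> subscription that consumed the free trial."""
    used: dict = field(default_factory=dict)

    def post_payment_check(self, token: str, subscription_id: str) -> str:
        kind = classify(token)
        if kind != "token":
            # Never persist a clear PAN: only the token belongs in this store.
            raise ValueError(f"refusing to store a {kind} value")
        first = self.used.setdefault(token, subscription_id)
        # Same token on another subscription: the card already had its trial.
        return "grant_trial" if first == subscription_id else "cancel"
```

Because the token is unique for a given card number, the lookup catches a returning card even when the customer opens a new account.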
OneClick
With our OneClick solution, your customers can make a purchase and pay with a single click on the Worldline Sips payment pages, without having to re-enter their payment details.
Having retrieved and stored the token generated during an initial "standard" payment (with PAN entry), you can reuse the token and make a OneClick payment with strong 3-D Secure authentication using the Sips Office connector.