A token is a string that represents a customer’s payment details. Merchants use the token instead of the customer’s payment details to take a payment. To save a customer’s payment details, the merchant uses their POS to send us a tokenization request and we store the customer’s payment details in our vault. We then generate a token and send it to the merchant in the response. Tokens don’t contain any payment details and only the merchant that saved the payment details can use the token. Another benefit of tokenization is that merchants can store the tokens on their devices without any additional PCI compliance requirements. Our gateway can generate two types of tokens:
  • Secure tokens
  • Single-use tokens

Secure tokens

Secure tokens are useful for repeat payments because the merchant can use them multiple times. Merchants can also use their POS to manage their secure tokens, for example, they can update secure tokens when the customer updates their payment details. When a merchant stores payment details and creates a secure token, they must use a merchant-initiated transaction (MIT) agreement to indicate how they’re going to use the token. There are three options that merchants can choose:
  • Recurring – The merchant takes payments at set intervals until the customer cancels the payments. For example, a monthly magazine subscription.
  • Installment – The merchant takes payments over a fixed period. For example, monthly payments to pay for a household appliance.
  • Unscheduled - Payments are not part of a payment plan or regular billing schedule. For example, a dental practice charges a fee for a missed appointment.

Single-use tokens

Single-use tokens expire after 30 minutes and merchants can use them only once. After the merchant uses their POS to create a single-use token, they can’t update it or delete it. Because merchants can’t use single-use tokens for repeat payments, they don’t have to provide a MIT agreement.