Secure Tokens


Secure Token (ST) is useful for merchants which are required to perform regular payments without the card holders entering their information. This feature enables merchants to enter the payment card details and store them in a secure way, in order to use it in the future for recurring payments. Merchants can now find all their tokenized cards in one location.

Considering that only PCI-DSS certified merchants are allowed to store card details, the Secure Token feature can remove this concern from the merchant's domain.

The Secure Token feature is located under the “Customers” tab in the SelfCare system.

Also:

  • Secure Tokens can be shared with different terminals under the same Merchant or Merchant Portfolio, as long as those elements are configured to allow that.
  • Our Secure Token feature works together with our Subscription feature, meaning that a Secure Token needs to be registered before you can set up a Subscription for regular payments.

The following subsections will present more details on each action regarding this feature.

Secure Token Registration

To register a new secure token go to the “Secure Tokens” feature and choose “Register New Secure Token” button. Then fill in the card details and make sure that you complete all the fields.

  • Merchant Ref - merchant's reference for the Secure Token.
  • Card type - Master Card, Visa Debit, Visa, etc.
  • Card number - complete card number
  • CVV - this is going to be required depending on settings on your terminal.
  • Expiry date - month and year.
  • Cardholder name - complete card holder name printed on the card.
  • Secure Token use - (Credential on File - optional and recommended) unscheduled, recurring, and installment payments.

An error message will appear if there are any incomplete details, as shown by the next images.

Once all the details have been entered, click on the “Register” button in the bottom right corner to save the secure token details for future use. You can view the details of your new secure token in the list of all registered cards under “Secure Token” menu.

If your card requires CVV code or your Terminal is configured to perform secure token validation (CVV mandatory or not), the Payment Gateway performs an account verification before registering the Secure Token:

  • If the CVV field is informed, the CVV response returned is verified and if it's positive the secure token is registered, if not, an error is generated.
  • If the CVV field is not informed, the result of the transaction is verified and if it's successful the secure token is registered, if not, an error is generated.

Depending on the Payment Processor used by the Terminal, the account verification can be performed in two distinct ways:

  • A 0.00 (zero) amount transaction or,
  • A 1.00 (one) currency unit amount transaction followed, when successful, by its voiding (both transactions will appear in your batch).

If you would like to see the details of this transaction, go to “Reporting” tab and then to “Open Batch” section.

Please see below the examples of common Error messages occurring during new secure token registration process, due to incomplete details entered: “There are errors in your form. Please review and retry”.


Secure Token Editing

When accessing the Secure Token option,all the previously registered ST are listed. You can also search for secure tokens by “Merchant reference” or by other criteria in the Advanced filter. Using the search feature to combine, remove and add filters helps narrow down your search even further.

In order to edit the details of a secure token, click on the “Edit” link next to the required secure token's details.


Please note that you are not able to amend the Merchant Ref, modification date and Card Reference. (Please remember that you cannot use the same Merchant Ref which was already used for another card twice, to register or edit a new secure token, even if the previous card has been deleted).

Important Notes:

  • I. You can choose a different Card Type from the available selection.
  • II. If you wish to edit the card number, tick the box “Update Card Number” and then put the new card number. Then tick the box “CVV required” if your card requires CVV and enter the correct CVV code.
  • III. You can also amend the cardholder's name, if needed.
  • IV. You can change the Secure Token use value pertaining to Credential on File.
  • V. If you do not want to make any changes, click on “Cancel” button in the bottom right corner and you will return to the all secure tokens list.
  • VI. When you make sure that all the new details are correct, click on the “Update” button to save the changes. This way, new updated Secure Token will be saved in the place of the old, incorrect one.


When you click on “Update”, the new secure tokens details are saved and they appear in the “Secure tokens” list. Please note that if there is no 'tick' sign next to card reference number, it means that this card was not CVV validated.

CVV Validation: All Secure Tokens registered are validated.

  • a) If the ST is registered without a CVV, our Gateway is going to submit a validation for the card number.
  • b) If the CVV is informed, a CVV validation transaction is going to be performed.
  • c) Cards that have been validated will have a green border to indicate the card or the CVV has been verified.

Depending on your Acquirer, the validation may vary between a $ 1.00 currency unit authorization following by the voiding of the validation, or a $ 0.00 currency unit validation. If you would like to see the details of this transaction, go to “Reporting” tab and then to “Open Batch” section.


Secure Token Deleting

In order to delete a Secure Token from the list, please click on “Delete” link next to the chosen card's details.

Please note that the system will not allow you to delete a secure token which has been already used to create a subscription.

In the case when a secure token is already used in a subscription, you will need to delete/finish the subscription first, before you will be able to delete that secure token.


The image below shows confirmation to delete, as an example.

Merchants can now find all their tokenized cards in one location.

To display your secure tokens:

  1. 1. Select the terminal.
  2. 2. Select at least one other search criteria.

For Secure Token, you can “Search by Merchant Reference”, “Search by Card” or use “Advanced Filter”.

To search Secure Tokens by Merchant Reference, you just need to put the full merchant ref number in the field and click on “Submit” button.

Use the multiple search features to combine, remove and add filters to help narrow down your search.


To search Secure Tokens by Card, you can use the following criteria.

  • Last 4 digits of the Card.
  • First 6 digits and last 4 digits of the Card.
  • Card expiry date.

This search is mostly used to find Secure Tokens details when you don't have the full card number.

Note: Credit card logos will be displayed for quick visualization of the card type.

The last search option, Advanced Filter, allows the following criteria:

  • Cardholder name.
  • Card reference - secure token unique reference used as the token.
  • Merchant Holder - particularly useful when the Secure Tokens are shared between Merchants of a Merchant Portfolio.
  • Terminal Holder - particularly useful when the Secure Tokens are shared between Terminals of a Merchant.

Please make sure that you put the complete reference - for example complete cardholder name (name and surname) and complete card ref - otherwise the search will not bring any results.

Additional way to search:

  • To search cards by expiration date, use the Expiring in filter in the Multiple Field Search.
  • View the last 5 transactions performed on a secure token to easily view the transaction detail without having to go into a closed batch.
  • Use the Save Searches feature to save search criteria for future use.

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International