05.20.12

Tokenization, the best (only) way to accept payments online.


The short version: it is less expensive and you shift most of the PCI liability away from your company.
The more precise description is:


Cardholder Information Management and Billing (CIMB)

Many merchants who serve regular/returning customers require the ability to bill those customers on a custom basis for varying amounts. However, the significant infrastructure required to safely store and secure a database of cardholder data "in-house" makes it too expensive and onerous for many businesses to undertake. With today's increased focus on data security, many merchants are opting to maintain their customer information via third-party systems, like our Cardholder Information Management and Billing (CIMB).
CIMB allows you to create and maintain a database of cardholder credit card information - called "tokens" - and then submit requests, via a number of different formats, to charge those cardholders for the amount of your choice.
These tokens are stored by the Internet Payment Gateway on secure servers, eliminating the need for you to invest the time and expense of PCI compliance for your own system. You'll simply associate that token with your customer's profile in your own database. When that cardholder wishes to make a purchase or when you have a need to bill them for a product or service, you'll only need to pass us the token in your transaction request and our CIMB module will do the rest.
CIMB is permission-based and must be turned on for your account. The Signatory on the merchant account (signing authority on file) must submit a request to add the feature. Once the feature is activated, the Signatory may assign permission to use the feature to any User on the account, through the Manage Users option in the Merchant Area.
Transactions processed through this module are charged the same rates as your regular sales and are paid to you on the same schedule. Your Transaction Query section will also contain the history of these sales, for review at your convenience.
 
What Exactly Is A "Token"?

A token is a 16-character, randomly generated, alpha-numeric record of a credit card number. The first four digits correspond to the last four digits of the credit card number to which it is associated, to facilitate any desired cross-referencing to Transaction Query after transactions are processed (the merchant has the option to correspond to the last 4 digits if they prefer). Like a credit card number, it is unique; no two tokens are the same. A token replaces the need for merchants to pass us cardholder information on a transaction request and therefore removes the need for the merchant to actually store any cardholder data. Instead, they will associate their customer in their internal database with the unique token ID they have created in the CIMB module. When submitting a transaction for processing, they will submit the Token in place of cardholder data.
Token creation can be initiated as part of a regular charge to a credit card or independent of one. Creation of a token with no initial purchase involves a Card Authentication request. The card is authorized for $1.11 in order to fully engage the Address and Card Number Verification features (AVS/CVN) and then the authorization is auto-reversed. Some Issuers will display the pending authorization to their customers for a short period of time; however, the charge will not be settled to the cardholder account.

Why Are Tokens Safer?

A CIMB Token can be used only through the merchant account to which it is associated. On its own, it has no value to anyone and therefore does not create exposure for the merchant if token numbers are stolen or misplaced.
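The token format and the merchant binding described in the two sections above can be sketched as follows. This is an added example, not the gateway's own code: the TokenVault class, the merchant IDs, the upper-case alphabet and the length check are assumptions made for illustration.

```python
import secrets
import string

# Assumption: the page says only "alpha-numeric"; upper-case letters and digits are used here.
ALPHABET = string.ascii_uppercase + string.digits
DECLINED = {"approved": False, "reason": "invalid token"}


class TokenVault:
    """Gateway side (hypothetical class): the only place card numbers are stored."""

    def __init__(self):
        self._records = {}  # token -> (merchant_id, card_number)

    def create_token(self, merchant_id, card_number):
        pan = card_number.replace(" ", "")
        # Assumption: a basic digits-and-length check stands in for real card validation.
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("invalid card number")
        while True:
            # First four characters mirror the card's last four digits; the
            # remaining twelve come from a CSPRNG, so the token reveals nothing else.
            token = pan[-4:] + "".join(secrets.choice(ALPHABET) for _ in range(12))
            if token not in self._records:  # no two tokens are the same
                self._records[token] = (merchant_id, pan)
                return token

    def charge(self, merchant_id, token, amount_cents):
        record = self._records.get(token)
        # Unknown tokens and tokens owned by another merchant get the same
        # answer, so a stolen token list cannot be probed through another account.
        if record is None or record[0] != merchant_id:
            return dict(DECLINED)
        return {"approved": True, "last4": token[:4], "amount_cents": amount_cents}


def demo():
    vault = TokenVault()
    # Constructed sample: a well-known test card number, not real cardholder data.
    token = vault.create_token("merchant-A", "4111 1111 1111 1111")
    merchant_db = {"customer-42": token}  # the merchant stores only the token
    own = vault.charge("merchant-A", merchant_db["customer-42"], 2500)
    other = vault.charge("merchant-B", token, 2500)  # token used via another account
    return token, own, other


if __name__ == "__main__":
    print(demo())
```

The merchant's database holds only the token, and the same token submitted through a different merchant account is declined with the same response as a token that does not exist.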

How Tokenization Works
  • Merchant will create, via their choice of several methods, a database of cardholders in the CIMB module (including all billing address details, email address and card number data). The system will assign a unique Token number that the merchant may use to cross-reference with customer information in his or her own database.
  • Merchant will submit, via one of several methods, transaction requests that the system will pass through a verification process (to identify and exclude invalid data).
  • Within 30 minutes, our system will validate the file for format and content and post a report of results. Validated records will be queued for processing. Failed records will be excluded from the queue for the merchant to correct and resubmit in a subsequent file.
  • The queue of validated requests will be submitted to the Issuers for authorization once every hour on the hour.
  • Merchant will receive an email confirmation of processing results.
  • Confirmation receipts for transactions will be issued to both cardholder and merchant, if requested (optional settings).
  • Merchant can view Processing results in one of a number of ways: via export script, via Merchant Area Transaction Query and via download of response variables from the CIMB module.
 
 
What Transaction Types Does CIMB Support?

CIMB will accept transaction requests for both pre-authorizations and sales. Pre-authorization can then be completed for one of "card on file", "recurring" or "installment" payment types. Refunds for CIMB-processed transactions may be initiated via the Merchant Area or by passing us an XML request.
 
Getting Started with CIMB?

When the Signatory submits a request to the Internet Payment Gateway Merchant Services Team to activate the Customer Information Management and Billing Module, it will first appear on the Signatory's login to the Merchant Area under a link on the top toolbar. The Signatory may use the feature him/herself or assign the permission to another User by choosing Options from the top toolbar and proceeding to Manage Users. The CIMB checkbox will appear under Permissions for new or existing users and must be checked off in order to activate it for that particular User. Once permission has been activated, the User will also see the CIMB link on the top toolbar of their own Merchant Area login.
Now you're ready to create and manage your CIMB database. Refer to the "Add" menu on the left sidebar for your particular Integration Method.
 
Need even more information about tokenization?
 
Download the PCI DSS Tokenization Guidelines from PCI Security Standards Council. (https://www.pcisecuritystandards.org)