We are a non-PCI DSS Loyalty platform solution provider. We have recently acquired a client from US whose loyalty model is that they have a merchant network and their customers enrol Visa cards (and others such as MC/Amex) in the loyalty program so that they can earn points on transactions done at participating merchants.
We have done a due diligence on client's system and we are good with using the Visa Offers Platform. But one very important question still remains - We are supposed to use tokens instead of real Visa card numbers and these tokens should be the non-payment or network tokens, since we have heard that there is a huge complexity in using the traditional payment tokens. Because we are simply getting these transactions for scoring, our client has told that there is some non-expiring "network token" available from visa which can be made available by Visa.
I did search through all APIs but unfortunately being a newbie i am not able to differentiate between these two types of token and also mostly the token related APIs seems to be of payment token.
Can anyone please help me to locate such APIs - do they really exist? Or is it something region specific and we need to place a special request..
Looking very much forward to hear from you all... Please help
The Visa Offers Platform (VOP) provides partners access to qualified Visa transaction data of enrolled cardholders. By integrating with the Visa Offers Platform, partners can enhance their own loyalty and offer programs in new and powerful ways. The Visa Offers Platform accesses the VisaNet authorization stream to monitor enrolled cardholder transactions in real time and send relevant notifications to partners. Also, it monitors the settlement stream for settled transactions and sends relevant notifications to the partners. Using these APIs, partners can integrate Visa Offers Platform capabilities and transaction data into their own web and mobile applications.
The VOP APIs use mutual SSL authentication and channel encryption, which requires you to obtain a user ID and password as well as, install a PKI certificate issued by Visa. You can get test credentials online in the Application Console for sandbox testing. Production credentials will be supplied to you as part of the production client on-boarding process.
All program providers must be PCI compliant to use Visa’s Web services APIs. A third-party consulting organization must perform a PCI audit on an annual basis in order to demonstrate compliance. Please refer to the PCI Security Compliance Standards for more information.
PCI compliance is not required for working in the sandbox environment, as this area only uses test card numbers.
If you are looking to integrate with payment methods using token authentication, please look at the following APIs.
CyberSource Payments - https://developer.visa.com/capabilities/cybersource/docs
Visa Checkout - https://developer.visa.com/capabilities/visa_checkout
In addition, please check our website for specific APIs relevant to your business case
Please let me know if you have any questions.
The Visa Token Service (VTS), a new security technology from Visa, replaces sensitive account information, such as the 16-digit primary account number, with a unique digital identifier called a token. The token allows payments to be processed without exposing actual account details.