Re: Non Payment (Network) Tokens for Visa Offer Platform

Manu_Ashok
Helper

Non Payment (Network) Tokens for Visa Offer Platform

Hi All

 

We are a non-PCI DSS Loyalty platform solution provider. We have recently acquired a client from US whose loyalty model is that they have a merchant network and their customers enrol Visa cards (and others such as MC/Amex) in the loyalty program so that they can earn points on transactions done at participating merchants.

 

We have done a due diligence on client's system and we are good with using the Visa Offers Platform. But one very important question still remains - We are supposed to use tokens instead of real Visa card numbers and these tokens should be the non-payment or network tokens, since we have heard that there is a huge complexity in using the traditional payment tokens. Because we are simply getting these transactions for scoring, our client has told that there is some non-expiring "network token" available from visa which can be made available by Visa.

 

I did search through all APIs but unfortunately being a newbie i am not able to differentiate between these two types of token and also mostly the token related APIs seems to be of payment token. 

 

Can anyone please help me to locate such APIs - do they really exist? Or is it something region specific and we need to place a special request..

Looking very much forward to hear from you all... Please help

Manu
3 REPLIES 3
vkamboj
Community Moderator

Re: Non Payment (Network) Tokens for Visa Offer Platform

Hello @Manu_Ashok

 

The Visa Offers Platform (VOP) provides partners access to qualified Visa transaction data of enrolled cardholders. By integrating with the Visa Offers Platform, partners can enhance their own loyalty and offer programs in new and powerful ways. The Visa Offers Platform accesses the VisaNet authorization stream to monitor enrolled cardholder transactions in real time and send relevant notifications to partners. Also, it monitors the settlement stream for settled transactions and sends relevant notifications to the partners. Using these APIs, partners can integrate Visa Offers Platform capabilities and transaction data into their own web and mobile applications.

 

The VOP APIs use mutual SSL authentication and channel encryption, which requires you to obtain a user ID and password as well as, install a PKI certificate issued by Visa. You can get test credentials online in the Application Console for sandbox testing. Production credentials will be supplied to you as part of the production client on-boarding process.

All program providers must be PCI compliant to use Visa’s Web services APIs. A third-party consulting organization must perform a PCI audit on an annual basis in order to demonstrate compliance. Please refer to the PCI Security Compliance Standards for more information.

 

PCI compliance is not required for working in the sandbox environment, as this area only uses test card numbers.

 

If you are looking to integrate with payment methods using token authentication, please look at the following APIs. 

 

CyberSource Payments - https://developer.visa.com/capabilities/cybersource/docs

Visa Checkout - https://developer.visa.com/capabilities/visa_checkout

 

In addition, please check our website for specific APIs relevant to your business case

https://developer.visa.com/

https://developer.visa.com/apibrowser

 

Please let me know if you have any questions. 

 

Thank you, 

Vaibhav 

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.
Manu_Ashok
Helper

Re: Non Payment (Network) Tokens for Visa Offer Platform

Hi Vaibhav



Many thanks for the valuable information you have shared. Thanks for connecting me to the Cybersource Payments API documents and they proved to be very helpful at this stage of the project.



My question here is since we do not wish to use the actual card nos on the VOP APIs e.g. say for CardenrollAPI of a customer, instead of sending the card number in request, we wish to send the token and deal with tokens only to identify the member and their transactions. So, is it possible? Considering a use case of cardholder enrolment on VOP, can i

1. Call the Cybersource APIs to get the token no of the cardholder.

2. Then use this token to send request to Enrollment API?



If this is possible, what is the complexity to manage these tokens. Are these fixed token valid throughout the card lifetimne or do they keep changing. I have heard that payment tokens expire after n transactions and in case if one wants to use these tokens, the provisioning and lifecycle management of a token is a project in itself.

Could you please share your thoughts on these as well.
Manu
Gauree
Newbie

Re: Non Payment (Network) Tokens for Visa Offer Platform

The Visa Token Service (VTS), a new security technology from Visa, replaces sensitive account information, such as the 16-digit primary account number, with a unique digital identifier called a token. The token allows payments to be processed without exposing actual account details.