Links

FAQ & Terminology

Terminology Network Tokenisation

Term
Description
AETS
American Express Token Service
CIT
Customer Initiated. The cardholder is in session and triggered the payment.
DPAN
Device Primary Account Number
ECI
Electronic Commerce Indicator (ECI) security level associated with the Network Token.
FPAN
Full Primary Account Number (raw credit card number)
MDES
Mastercard Digital Enablement Service
MIT
Merchant Initiated. They payment is triggered by the merchant in absence of the cardholder.
OBOTR
On-Behalf-Of Token Requestor. Entity which is requesting a Network Token on behalf of a merchant.
PAN
Primary Account Number. Plain text credit card number.
TAVV
Token Authentication Verification Value (Cryptogram). Unique value each transaction which must be sent in the authorisation request to the Payment Provider.
TRID
Token Request ID - Merchant specific identifier that is used for provisioning Network Tokens.
TSP
Token Service Provider - Entity which is issuing the Network Token.
VTS
Visa Token Services

FAQ

Which card brands are supported?
As of November 2022, PCI Proxy is a certified Token Requestor for VISA VTS and MasterCard MDES. AMEX AETS is planned for mid of 2023. For any other brand please contact our team.
Which PCI Proxy integrations are supporting Network Tokenisation?
Once your account is activated, PCI Proxy provides in-built Network Tokenisation provisioning support for the following integration methods:

How do I know if a Network Token has been provisioned successfully?

Use the Tokenization API (if you have a transactionID) or the Alias Status API (if you have a PCI Proxy alias) and look for the tokenInfo object if you are not sure if a Network Token has been provisioned.
Can we remove a PAN from the PCI Proxy Vault if a Network Token has been created?
Yes - to remove a PAN mapped to an alias you can make use of the Alias PATCH API. Make sure a Network Token has been provisioned before you remove the underlying PAN by calling the Alias Status API.
Do Network Tokens provide any liability shift?
No - in case you want to shift the liability to the issuer, strong customer authentication is still required. We recommend to use the 3D-Secure APIs to authenticate cardholders.
Do I need to have a card verification code (CVC) to create a Network Token?
A CVC is not required for the creation of a Network Token - however, we recommend to check per use-case if you still need to capture the CVC code. Depending on your agreement with the acquirer you might need a CVC code when authorizing with PAN and not Network Tokens.