FAQs on Network Tokenization

Can I access the plain text Network Token and the cryptogram?

Yes, you can request the plain text Network Token and the corresponding cryptogram. Please see here for more details.

Can I use PCI Proxy as a standalone token service requestor?

Yes, you can use PCI Proxy as a standalone token requestor without using our other services. Please check the standalone API section to learn more.

How do I know if a Network Token has been provisioned successfully?

Use the Tokenization API if you have a transactionId, or the Alias Status API if you have a PCI Proxy alias, and look for the networkToken object. If this object is present, a Network Token has been provisioned.

Do Network Tokens provide any liability shift?

No. If you want to shift liability to the issuer, SCA (Strong Customer Authentication) is still required. We recommend using the 3D Secure API to authenticate cardholders.

Do I need to have a card verification code (CVC) to create a Network Token?

A CVC is not required to create a Network Token. However, we recommend checking per use case whether you still need to capture a CVC. Depending on your acquirer agreement, you may need a CVC when authorizing with PANs rather than Network Tokens.

Can I remove a PAN stored in the PCI Proxy vault?

Yes, you can remove the underlying PAN mapped to the PCI Proxy alias and continue working with the Network Token only. Please use the Alias PATCH API to remove a PAN mapped to a PCI Proxy alias.

If you do not want us to store PANs by default, please reach out to our team to configure your merchantID accordingly. With this feature enabled, you will no longer have any fallback option to the PAN.

Are Device PANs (DPANs) from Google Pay and Apple Pay supported?

No. It is not yet possible to create a Network Token when the input is a DPAN (Device PAN) coming from Google Pay or Apple Pay.