How it works

Learn about the PCI Proxy Network Token solution.

As usual, PCI Proxy sits between you and sensitive data. The green arrows represent flows which are out of PCI DSS scope, and the red arrows indicate flows which are in PCI scope.


CC: Raw Credit Card Number (FPAN)

PCIP: PCI Proxy Token (Alias 2.0)

NT: Network Token (DPAN)

CRG: Cryptogram


  1. Card details are captured with one of our integration methods which support Network Tokenization.
  2. PCI Proxy requests a Network Token at the respective scheme (VTS, MDES, or AETS soon).
  3. If a Network Token is returned by one of the schemes, we produce a PCI Proxy token.
  4. This PCI Proxy token is sent to your servers.
  5. Call the Alias Status API to check if a Network Token has been created, or check if an expiry date has changed.
  6. Forward the PCI Proxy token to the Forward Proxy and specify the payload according to what the receiver is expecting.
  7. Depending on the submitted payload, PCI Proxy decides whether to convert the PCI Proxy token to a PAN or a Network Token. In case of a Network Token, PCI Proxy requests a new cryptogram at the schemes and populates the request with it.
  8. The request is forwarded to the receiver for further processing.