GS Logo
Spotlight Partnerships
Skyscraper Ad
Banner Ad



Ramping up tokenization

Typically, in payments, when a merchant runs an electronic transaction, the gateway is programmed to use encrypted data tokens in place of sensitive card data to protect the merchant's side of the transaction flow. This prevents the possibility of a merchant storing private customer information on their servers and makes it difficult for anyone to steal the information for malicious purposes.

While this method is adequate for protecting the merchant in most cases, it doesn’t fully accommodate the merchant's needs when they want to set up a recurring transaction or handle a return-customer purchase without re-entering the card information.

"Originally, before tokenization became a hot word, when someone ran a transaction and needed to run another payment, we'd give them a transaction ID," said Vlad Galyuz, Vice President of Product Development at USAePay. "However, only some actions could be performed, and others could not, without having the sensitive payment details from the original transaction available."

A simple proprietary solution

According to Galyuz, the gateway providers had to come up with an improved version of the tokenization model to meet the needs of the growing number of merchants who wanted to use subscription and membership models or offer purchase incentive programs.

"We decided to make what is called True Tokenization, where a merchant can still run a transaction and get the response code back, but they can also get a transaction token to store," Galyuz explained, indicating the merchant would then use this token, that doesn't associate with sensitive card data, to do it again in place of running the card number.

The True Tokenization solution is 100 percent PCI compliant and merchants can even keep track of a client's card by searching the last four digits. "Sometimes you still want to know what type of card it is, so on top of the token, we send back the card type and the last four digits," Galyuz explained.

Galyuz noted the USAePay True Tokenization solution is exclusive to ecommerce purchases but it's still useful to brick and mortar merchants who offer omnichannel buying options.

Moreover, it isn't limited to one merchant account. "If you have a chain of accounts with us, you can copy the token to other locations," he said.

Promoting greater security

The True Tokenization feature is only available to merchants with accounts on the USAePay closed-loop system and Galyuz indicated this is to ensure maximum security. Additionally, none of the data stored on the merchant side is sensitive, so it can't be compromised in the event of a cyber intrusion.

"It's strictly stored for convenience, but at the same time, it's like having a card on file," Galyuz said. "It's more secure, and if you were breached, the data would be completely useless since there's nothing to decrypt."

Galyuz also noted the direct sales partner, whether it be an independent sales organization or independent software vendor, is also able to hold the payment data on file, because, "it is so desensitized, there is no risk involved, and it's outside the scope of PCI," he said.

USAePay's True Tokenization product is particularly beneficial for smaller market merchants, Galyuz explained, as well as businesses that use hosted payment forms.

"In a browser-based situation, you are sometimes faced with an unknown entity," Galyuz said. "It could be a man-in-the-middle attack or malicious code, browser plug-ins, or extensions, and we simply transmit the token, keeping the cardholder information secure."

Service first

USAePay offers the True Tokenization feature standard to all account holders as part of their commitment to partners, merchants, and the industry. "We like to offer these security features free of charge, because we believe it benefits our ecosystem, as well as the entire payments ecosystem," Galyuz confirmed.

Galyuz also said the company has an extensive wiki site online that was designed to help account holders understand the True Tokenization process better.

For more information, or to how to become a part of the USAePay network, please visit or contact a company representative directly at (866) 872-3729.

Featured content specifically for USAePay:

USAePay: Powering the mobile payments ecosystem

Finding better ways to TRANSACT

Ramping up tokenization

Enabling the developer

How secure is your gateway?

We can't wait to see you!

Automation for large retailers

Diversifying the payment gateway

Anatomy of friendly code

Bridging the EMV divide

Simplifying large-scale EMV management

Expanding the EMV horizon

Innovating the gateway

Security always matters

Mobile POS integrity you can count on

The coding behind your USAePay integration

Superb card-not-present strength and security

Great to see you at ETA!

New and improved iOS app for POS

We’ve made “friendliness” a core value