Introduction to the
Token Management Service

The
Token Management Service
(
TMS
) enables you to replace personally identifiable information (PII), such as the primary account numbers (PANs), with unique tokens. These tokens do not include the PII data, but act as a placeholder for the personal information that would otherwise need to be shared. By using tokens, businesses can provide a secure payment experience, reduce the risk of fraud, and comply with industry consumer security regulations such as PCI-DSS.
TMS
links tokens across service providers, payment types, and channels for sellers, acquirers, and technology partners.
TMS
tokenizes, securely stores, and manages the primary account number (PAN), the payment card expiration date,
electronic check details,
and customer data.
TMS
also enables you to create a network token of a customer's payment card.
IMPORTANT
Due to mandates from the Reserve Bank of India, Indian merchants cannot store PANs. Use network tokenization instead.
You can manage sensitive data securely by creating, retrieving, updating, and deleting tokens through the TMS API.
TMS
simplifies your PCI DSS compliance.
TMS
passes tokens back to you that represent this data. You then store these tokens in your environment and databases instead of storing customer payment details.
TMS
protects sensitive payment information through tokenization and secures and manages customer data using these token types:
  • Customer tokens
  • Instrument identifier tokens
  • Payment instrument tokens
  • Shipping address tokens
These
TMS
tokens can be used individually, or they can be associated with one customer token:

Figure:

TMS
Token Types
Diagram of the unified token identifier.

Types of Tokens

These tokens comprise the types of
TMS
tokens:
  • Customer Token
    : Contains customer's email address, customer ID, shipping address (stored in a token), and other related data.
  • Shipping Address Token
    : Contains the shipping address associated with a customer token.
  • Payment Instrument Token
    : Contains the complete billing details for the payment type including cardholder name, expiration date, and billing address.
  • Instrument Identifier Token
    : Contains the tokenized primary account number (PAN) for card payments as well as the associated network token or U.S. or Canadian bank account number and routing number.
  • Network Token
    : Network tokens pass through an acquirer and are de-tokenized by the payment network or issuer. For customer-initiated transactions, they require a cryptogram. Network tokens are mapped to instrument identifier tokens.

Figure:

TMS
Token Types