Introduction to the Token Management Service
Token Management Service
The
Token Management Service
(TMS
) enables you to replace personally
identifiable information (PII), such as the primary account numbers (PANs), with
unique tokens. These tokens do not include the PII data, but act as a placeholder
for the personal information that would otherwise need to be shared. By using
tokens, businesses can provide a secure payment experience, reduce the risk of
fraud, and comply with industry consumer security regulations such as PCI-DSS.TMS
links tokens across service providers, payment types, and channels
for sellers, acquirers, and technology partners. TMS
tokenizes, securely stores, and manages the primary account number (PAN), the
payment card expiration date, electronic check
details,
and customer data. TMS
also enables you
to create a network token of a customer's payment card.IMPORTANT
Due to mandates from the Reserve
Bank of India, Indian merchants cannot store PANs. Use network tokenization instead.
You can manage sensitive data securely by
creating, retrieving, updating, and deleting tokens through the TMS API.
TMS
simplifies your PCI DSS compliance. TMS
passes tokens
back to you that represent this data. You then store these tokens in your
environment and databases instead of storing customer payment
details.TMS
protects sensitive payment information through tokenization and
secures and manages customer data using these token types:- Customer tokens
- Instrument identifier tokens
- Payment instrument tokens
- Shipping address tokens
TMS
tokens can be used individually, or they can
be associated with one customer token:
Types of Tokens
These tokens comprise the types of
TMS
tokens:
-
Customer Token: Contains customer's email address, customer ID, shipping address (stored in a token), and other related data.
-
Shipping Address Token: Contains the shipping address associated with a customer token.
-
Payment Instrument Token: Contains the complete billing details for the payment type including cardholder name, expiration date, and billing address.
-
Instrument Identifier Token: Contains the tokenized primary account number (PAN) for card payments as well as the associated network token or U.S. or Canadian bank account number and routing number.
-
Network Token: Network tokens pass through an acquirer and are de-tokenized by the payment network or issuer. For customer-initiated transactions, they require a cryptogram. Network tokens are mapped to instrument identifier tokens.