Release 24.2

go directly to content

Search by keywords

Merchant token

To search in the page use Ctrl+F on your keyboard

Worldline Sips is a PCI DSS compliant, secure multi-channel e-commerce payment solution. It allows you to accept and manage payment transactions taking into account the business rules related to your activity (payment on delivery, deferred payment, recurring payment, payment in instalments, etc.).

The purpose of this document is to introduce the tokenisation tool in the Worldline Sips solution.

This document is intended for merchants and their technical teams wishing to implement tokenisation on their e-commerce website.

To get an overview of the Worldline Sips solution, we advise you to consult the following documents:

Tokenisation is the process of substituting the credit card number (PAN), considered an element of sensitive data, with an equivalent non-sensitive data (token) created by a tokeniser.

Using the token is a simple method that avoids the constraints of PCI DSS standards.

Screenshot of a log snippet showing the merchantToken column

Diagram that describes the mode of operation of the Worldline tokenizer by distinguishing areas containing sensitive data from areas without storing sensitive data. We invite you to contact us for a more detailed explanation.

Each token created in Worldline Sips has the following features:

  • The token and the PAN have the same length to minimise changes in your information system.
  • The PAN is fully tokenised (no numbers remain in plain text).
  • The token includes at least one letter to distinguish it from the PAN in plain text.
  • The token is unique for a given card number.
  • It is irreversible (the card number cannot be found from the token).
  • It is free to use in your information system (you can manipulate it according to your needs).
IMPORTANT: our tokenisation solution is PCI DSS certified.

The token allows you to perform various actions to override and check the so-called sensitive information.

You can:

  • Submit a payment using the cardOrder function
  • Submit a 3-D Secure payment, using the cardCheckEnrollment feature.
  • Credit a customer with the creditHolder function.
  • Retrieve the PAN from the token using the token2pan function.
  • Add the token to a fraud list, using the addToFraudList function.
Sips Paypage Sips Office Sips Office Batch Sips In-App Sips Walletpage
Return token V V X V X
PAN tokenisation X V V X X
Transaction tokenisation X V V X X
Detokenisation X V X X X
Payment from a token X V V V X
Credit holder from a token X V V X X
Add token to a fraud list X V V X X

Worldline Sips returns, in the response, the token of the card entered on payment:

  1. A card payment is made on your website, the PAN is sent to Worldline Sips.
  2. Worldline Sips sends the PAN to the tokenizer and returns the matching token.
  3. Worldline Sips sends the token to you in the response (using the tokenPan field).
  4. You can store the token and use it.

Note: this operation is valid for both types of response (manual or automatic).

You can use the tokenisation service directly to tokenise a readable card number, with the pan2Token function:

  1. Details of the card payment made on your site are sent to Worldline Sips.
  2. You use the pan2Token function to send the transaction details to the tokenizer.
  3. The tokenizer returns the matching token to you.
  4. You can store and use the token.

You can also retrieve the token from the transactionReference field, using the transactionToToken function:

  1. You send to Worldline Sips, using the transactionToToken function, the details of an existing transaction (including the PAN) contained in the transactionReference field.
  2. Worldline Sips uses the pan2Token function to send the PAN to the tokenizer and receives the matching token in return.
  3. Worldline Sips sends the token to you in its response.
  4. You can store the token and use it.

You can retrieve the token through the Transactions report, because the latter includes the merchantToken field which, when tokenisation is active, is populated with the token used for each transaction.

The following is a sample Transactions report with tokens inside:

Screenshot of a log snippet showing the merchantToken column

If you have access to Sips Office Extranet, you can retrieve the token for a specific transaction by performing a search and viewing the transaction details.

The token is displayed in the payment details:

Capture of the transaction detail

Capture of the transaction detail indicating that the token is recoverable in the Payment Details box in the first Token line.
Tip: please refer to our Sips Office Extranet documentation to learn more about searching for and viewing a transaction.

The following are the most common token use cases under Worldline Sips.

Would you like to offer subscription payment? Use the token when making a recurring payment:

  • The PAN is entered at the initial payment due date.
  • the associated token is reused for future payment due dates.

You can take advantage of a token to prevent a card from being used several times in a certain context.

For example:

  • You would like to offer subscription to a service with the first three months free of charge.
  • However you do not want a customer to get a new three-month period free of charge if they cancel their subscription within the first three months and then buy a new subscription within the fourth month.

The steps will be as follows:

  • The customer makes a standard first payment using their payment card.
  • The PAN of the credit card used is "tokenised"
  • You retrieve and store the token with information stating that the token was used to get the first three months free of charge.
  • On subsequent payment by the customer, you will check in post-payment (using the information associated with it) if the token has already been used to get the first three months free of charge. If it has, you can cancel the transaction and the access to the offered service.

With our OneClick solution, your customers can make a purchase and pay with a single click on the Worldline Sips payment pages, without having to re-enter their payment details.

Having retrieved and stored the token generated during an initial "standard" payment (with PAN entry), you can reuse the token and make a OneClick payment with strong 3-D Secure authentication using the Sips Office connector.

This site uses trackers to improve your experience, perform analysis and researches on your use of WL Sips documentation website.
You have several options:
Closing this banner you refuse the use of trackers on your device.