Visa Token Service
The Visa Token Service (VTS), a security technology by Visa, is designed to protect account information, such as the primary account number, from unauthorized use. It replaces the sensitive card data with a unique token.
Payment service providers and acquiring banks can no longer store customer card data, but use a token from Visa to receive payments. Buyers’ card numbers will only be stored by Visa and issuing banks. This measure significantly reduces the risk of card data interception and makes it way harder for intruders to compromise card data in general.
Once the buyer's card is tokenized in Visa Token Service, s/he receives an SMS notification provided that the relevant notification settings are activated for the buyer's card account.
Example of the data with TAVV cryptogram received from Visa Token Service
{
"vPaymentDataID": "54df012448e3a441b3f714bd56d8eb02",
"paymentInstrument": {
"last4": "0044",
"paymentType": {
"cardBrand": "VISA"
},
"paymentAccountReference": "V0010013020315513942420893974"
},
"tokenInfo": {
"encTokenInfo": "eyJhbGciOiJBMjU2RNN0S1ciLCJpdiI6ImpqU2tyZVhhVmNwckJiX2kiLCJ0YWciOiJoMVAyZUhyQ18zWWZieHRRMlNQakF3IiwiZW5jIjoiQTI1NkdDTSIsInR5cCI6IkpPU0UiLCJraWQiOiI3UE80T1hQVEhJS1czQjNJMUdTTzEzMWU5MGVZcC1sUExtZXRmSXBPbVltVndfTDVJIiwiY2hhbm5lbFNlY3VyaXR5Q29udGV4dCI6IlNIQVJFRF9TRUNSRVQiLCJpYXQiOiIxNjMwMDY2NDQ2In0.FY-AA_658fhzqk5w6jolQcPM_9JUfZa2V-nd3coZl7Q.zwrsFTOjYFMzCq81.iIgOnxfCY55n2eG6wpo6j9UPYoXJLa3H4Z92ug.FNG_yuGFnz_WiD3JhLSWSQ",
"last4": "0887",
"expirationDate": {
"month": "12",
"year": "2025"
}
},
"cryptogramInfo": {
"cryptogram": "AgAAABB6qqnJd0oAmbuXgu8AAAA=",
"eci": "07",
"atc": "31402"
}
}
Example of the data with CTAVV cryptogram received from Visa Token Service
{
"vPaymentDataID": "54df012448e3a441b3f714bd56d8eb02",
"paymentInstrument": {
"last4": "0044",
"paymentType": {
"cardBrand": "VISA"
},
"paymentAccountReference": "V0010013020315513942420893974"
},
"tokenInfo": {
"encTokenInfo": "eyJhbGciOiJBMjU2RNN0S1ciLCJpdiI6ImpqU2tyZVhhVmNwckJiX2kiLCJ0YWciOiJoMVAyZUhyQ18zWWZieHRRMlNQakF3IiwiZW5jIjoiQTI1NkdDTSIsInR5cCI6IkpPU0UiLCJraWQiOiI3UE80T1hQVEhJS1czQjNJMUdTTzEzMWU5MGVZcC1sUExtZXRmSXBPbVltVndfTDVJIiwiY2hhbm5lbFNlY3VyaXR5Q29udGV4dCI6IlNIQVJFRF9TRUNSRVQiLCJpYXQiOiIxNjMwMDY2NDQ2In0.FY-AA_658fhzqk5w6jolQcPM_9JUfZa2V-nd3coZl7Q.zwrsFTOjYFMzCq81.iIgOnxfCY55n2eG6wpo6j9UPYoXJLa3H4Z92ug.FNG_yuGFnz_WiD3JhLSWSQ",
"last4": "0887",
"expirationDate": {
"month": "12",
"year": "2025"
}
},
"cryptogramInfo": {
"ctavvCryptogram": "AgAAAAHHHZ/09IEAmbuXgh4AAAA=",
"eci": "05",
"cryptogramExpirationDate": "2077-09-27T17:06:09.000Z"
}
}
Make payments with a token received from Visa Token Service
Request
The PayCross system allows you to use the data received from Visa Token Service in payment and authorization requests.
To complete a payment and get an operation result, make the following steps:
-
Decrypt the
encTokenInfodata and append them to the JSON as the value of thetokenkey of thedecTokenInfoparameter of thetokenInfoobject. -
Send the obtained result as the value of the
request.credit_card.tokenparameter in the$begateway_vts_decrypted_1_0_0$<base64_Visa Token Service Data_here>format, where<base64_Visa Token Service Data_here>is the JSON you get on Step 1 in theBase64-strictformat.
Example of the JSON object with decrypted token
{
"vPaymentDataID": "54df012448e3a411b3f714bd56d8eb02",
"paymentInstrument": {
"last4": "0044",
"paymentType": {
"cardBrand": "VISA"
},
"paymentAccountReference": "V0010013020315513942420883974"
},
"tokenInfo": {
"encTokenInfo": "eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6ImpqU2tyZVhhVmNwckJiX2kiLCJ0YWciOiJoMVAyZUhyQ18zWWZieHRRMlNQakF3IiwiZW5jIjoiQTI1NkdDTSIsInR5cCI6IkpPU0UiLCJraWQiOiI3UE80T1hQVEhJS1czQjNJMUdTTzEzMWU5MGVZcC1sUExtZXRmSXBPbVltVndfTDVJIiwiY2hhbm5lbFNlY3VyaXR5Q29udGV4dCI6IlNIQVJFRF9TRUNSRVQiLCJpYXQiOiIxNjMwMDY2NDQ2In0.FY-AA_658fhzqk5w6jolQcPM_9JUfZa2V-nd3coZl7Q.zwrsFTOjYFMzCq81.iIgOnxfCY55n2eG6wpo6j9UPYoXJLa3H4Z92ug.FNG_yuGFnz_WiD3JhLSWSQ",
"last4": "0887",
"expirationDate": {
"month": "12",
"year": "2025"
},
"decTokenInfo": {
"token": "4417329760000887"
}
},
"cryptogramInfo": {
"cryptogram": "AgAAAAB6qqnJd0oAmbuXgu8AAAA=",
"eci": "07",
"atc": "31402"
}
}
Example of the request
{
"request":{
"amount":100,
"currency":"USD",
"description":"VTS test transaction",
"tracking_id":"your_uniq_number",
"credit_card":{
"token": "$begateway_vts_decrypted_1_0_0$fn5anNvbgp7CiAgInZQYXltZW50RGF0YUlEIjogIjU0ZGYwMTI0NDhlM2E0MTFiM2Y3MTRiZDU2ZDhlYjAyIiwKICAiY3J5cHRvZ3JhbUluZm8iOiB7CiAgICAiY3J5cHRvZ3JhbSI6ICJbRklMVEVSRURdIiwKICAgICJlY2kiOiAiMDciLAogICAgImF0YyI6ICIzMTQwMiIKICB9LAogICJwYXltZW50SW5zdHJ1bWVudCI6IHsKICAgICJsYXN0NCI6ICIwMDQ0IiwKICAgICJwYXltZW50VHlwZSI6IHsKICAgICAgImNhcmRCcmFuZCI6ICJWSVNBIgogICAgfSwKICAgICJwYXltZW50QWNjb3VudFJlZmVyZW5jZSI6ICJWMDAxMDAxMzAyMDMxNTUxMzk0MjQyMDg4Mzk3NCIKICB9LAogICJ0b2tlbkluZm8iOiB7CiAgICAiZW5jVG9rZW5JbmZvIjogImV5SmhiR2NpT2lKQk1qVTJSME5OUzFjaUxDSnBkaUk2SW1wcVUydHlaVmhoVm1Od2NrSmlYMmtpTENKMFlXY2lPaUpvTVZBeVpVaHlRMTh6V1daaWVIUlJNbE5RYWtGM0lpd2laVzVqSWpvaVFUSTFOa2REVFNJc0luUjVjQ0k2SWtwUFUwVWlMQ0pyYVdRaU9pSTNVRTgwVDFoUVZFaEpTMWN6UWpOSk1VZFRUekV6TVdVNU1HVlpjQzFzVUV4dFpYUm1TWEJQYlZsdFZuZGZURFZKSWl3aVkyaGhibTVsYkZObFkzVnlhWFI1UTI5dWRHVjRkQ0k2SWxOSVFWSkZSRjlUUlVOU1JWUWlMQ0pwWVhRaU9pSXhOak13TURZMk5EUTJJbjAuRlktQUFfNjU4Zmh6cWs1dzZqb2xRY1BNXzlKVWZaYTJWLW5kM2NvWmw3US56d3JzRlRPallGTXpDcTgxLmlJZ09ueGZDWTU1bjJlRzZ3cG82ajlVUFlvWEpMYTNINFo5MnVnLkZOR195dUdGbnpfV2lEM0poTFNXU1EiLAogICAgImxhc3Q0IjogIjA4ODciLAogICAgImV4cGlyYXRpb25EYXRlIjogewogICAgICAibW9udGgiOiAiMTIiLAogICAgICAieWVhciI6ICIyMDIyIgogICAgfSwKICAgICJkZWNUb2tlbkluZm8iOiB7CiAgICAgICJ0b2tlbiI6ICI0eHh4eDA4ODciCiAgICB9CiAgfQp9Cn5+fg=="
}
}
}
Response
The response to the payment request with the Visa Token Service data will be returned synchronously with operation statuses and fully conforms to payment or authorization operation responses.
List of possible errors
| Error | Description |
|---|---|
{"response"=>{"message"=>"Not allowed"}} |
Transactions with decrypted Visa Token Service data are not allowed for the shop. Contact your Account Manager. |
{"response"=>{"message"=>"Invalid token"}} |
Transmitted token data can not be parsed. Check the request parameters and values. |