
How it works

Learn about how PXP's Token Vault solution works.

Overview

Token Vault allows you to replace sensitive card data with secure tokens that can only be decrypted by authorised parties, dramatically reducing your security risks.

With Token Vault, you benefit from:

  • Secure tokenisation: Replace sensitive card data with secure tokens, dramatically reducing PCI compliance burdens and security risks.
  • Browser-based tokenisation: Tokenise directly from the browser to minimise exposure to sensitive card data.
  • One-click payments: Enable frictionless checkout experiences with stored tokens for returning customers.
  • Encrypted data storage: Store and retrieve card data in both masked and encrypted formats for different security requirements.
  • Cryptographic security: Generate scheme token cryptograms for enhanced transaction security and verification.

Token types

Token Vault supports two distinct types of tokens: gateway tokens and scheme tokens. Each serves different use cases and can be used independently or together depending on your business needs.

Gateway tokens

A gateway token is a merchant-specific identifier that replaces card data within your payment ecosystem, making it ideal for recurring billing and local storage. While it reduces PCI scope, a gateway token can't be used across different providers or shared between merchants.

Scheme tokens

A scheme (network) token is created by a card network and works across the entire payment ecosystem. It can be used with any payment provider and offers enhanced security through real-time card status checks, plus support for cryptographic verification. We currently support Visa and Mastercard tokens.

Using both token types

You can use both gateway and scheme tokens together in a combined approach. For example, you can use gateway tokens for trial periods, then switch to scheme tokens for long-term subscriptions.

By using a combined approach, you benefit from:

  • Immediate availability: Use gateway tokens for instant processing while scheme tokens are being provisioned.
  • Redundancy: Maintain both token types for backup and failover scenarios.
  • Flexibility: Choose the optimal token type for each specific transaction or use case.
  • Migration path: Start with gateway tokens and add scheme tokens as your needs evolve.

How tokenisation works

The overall tokenisation process consists of these key steps:

  1. Tokenisation request: You initiate a request for card tokenisation, providing essential details like the Primary Account Number (PAN), expiry date, and optionally, the Card Verification Code (CVC).
  2. Token creation: PXP's Token Vault generates tokens tailored to your preferences. See Token types for more information.
  3. Scheme registration: For scheme tokenisation, Token Vault registers the card with the relevant card scheme. Once completed, you'll receive an immediate webhook notification, confirming that the token is ready for use.
  4. Decision making: For added security, you can request a scheme token cryptogram. This is a unique verification value linked to the token that enables you to secure payments during the initiation process.
  5. Automatic card updates: If a card associated with a scheme token is replaced or reissued, Token Vault automatically updates the token and can notify you, ensuring a smooth and uninterrupted process.

Integration modes

The Token Vault service supports two integration modes:

  • Standalone: Connect with PXP and use our scheme tokenisation service as a standalone service.
  • Integrated: Use our gateway and scheme tokenisation services alongside other PXP products, as part of our broader card processing solution.

Webhooks

You can subscribe to webhooks to receive real-time notifications related to scheme token management.

We support the following webhook events:

  • Scheme token created: A scheme token was successfully created and is now ready to be used.
  • Scheme token creation error: An error occurred during the creation of a scheme token.
  • Scheme token card updated: A scheme token was updated.
  • Scheme token disabled: A scheme token was disabled.

For more information about webhooks, see About webhooks and Manage webhooks.
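
The following added example (not PXP code) shows one way a merchant system could track the combined approach described above: it holds only token references per card, applies the four scheme token webhook events to local state, and falls back to the gateway token whenever the scheme token is not usable. The event identifiers, payload fields (`type`, `token`, `last4`) and token values are assumptions constructed for illustration, and the webhook request is assumed to have been authenticated before `apply_event` is called.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical identifiers mirroring the four webhook events listed above;
# the real event names and payload fields are not given on this page.
CREATED, CREATION_ERROR, CARD_UPDATED, DISABLED = (
    "scheme_token_created", "scheme_token_creation_error",
    "scheme_token_card_updated", "scheme_token_disabled")

@dataclass
class CardTokens:
    """Token references held for one stored card. No PAN or CVC is kept."""
    gateway_token: str
    scheme_token: Optional[str] = None
    scheme_state: str = "pending"   # pending -> active | failed | disabled
    last4: Optional[str] = None     # assumed display metadata

def apply_event(card: CardTokens, event: dict) -> None:
    """Update local state from one (constructed) webhook event."""
    kind = event.get("type")
    if kind == CREATED:
        card.scheme_token, card.scheme_state = event["token"], "active"
    elif kind == CREATION_ERROR:
        card.scheme_token, card.scheme_state = None, "failed"
    elif kind == CARD_UPDATED:
        # Card replaced or reissued: the token stays, metadata is refreshed.
        card.last4 = event.get("last4", card.last4)
    elif kind == DISABLED:
        card.scheme_state = "disabled"
    else:
        # Fail closed on anything that is not one of the four known events.
        raise ValueError(f"unexpected webhook event type: {kind!r}")

def token_for_payment(card: CardTokens) -> tuple:
    """Prefer an active scheme token; otherwise use the gateway token."""
    if card.scheme_state == "active" and card.scheme_token:
        return ("scheme", card.scheme_token)
    return ("gateway", card.gateway_token)

if __name__ == "__main__":
    card = CardTokens(gateway_token="gw_constructed_1")  # constructed value
    print(token_for_payment(card))   # gateway token while scheme is pending
    apply_event(card, {"type": CREATED, "token": "st_constructed_1"})
    print(token_for_payment(card))   # scheme token once provisioned
    apply_event(card, {"type": DISABLED})
    print(token_for_payment(card))   # failover back to the gateway token
```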