Understanding Tokens

Credit card companies have defined security standards that must be followed
by companies and organizations taking credit card payments. The purpose of
the security standards is to eliminate opportunities for theft and fraudulent
use of credit card data. These security standards require payment
applications (such as Personify360) to not store full credit card numbers.

Personify360 complies with credit card security standards by using tokens as
a replacement for full credit card numbers. A token, which is a random
number, serves as a reference to a customer's real credit card number, but
has no exploitable value by itself. The token is a reference to the credit
card, not to a transaction.

Any time a credit card authorization or settlement activity is created in
Personify360, the credit card processor returns a token, which is stored in
Personify360. If the customer had previous activities with the credit card,
the last token is updated with the new token, along with the date of the new
token.

For organizations using PayPal (formerly known as Verisign), each credit card
token is valid for one year. The CCP650 batch process re-tokenizes credit
cards whose tokens are about to expire. CyberSource and Vantiv tokens never
expire, so organizations using these payment handlers do not need to run the
CCP650 batch process.
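
The token lifecycle described above, modeled as an added example (this is not Personify360 code): one stored token per card, replaced on each new activity, with an expiry check that picks out the tokens a re-tokenization run would need to refresh. The record layout, the function names, the card references and the 30-day "about to expire" window are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Token lifetime per payment handler, as stated above: PayPal tokens last one
# year; CyberSource and Vantiv tokens never expire (None).
TOKEN_LIFETIME = {"PayPal": timedelta(days=365), "CyberSource": None, "Vantiv": None}

@dataclass
class CardToken:
    """Hypothetical stored record: one per card, holding a token, never the card number."""
    handler: str
    token: str
    token_date: date

    def expires_on(self) -> Optional[date]:
        lifetime = TOKEN_LIFETIME[self.handler]
        return None if lifetime is None else self.token_date + lifetime

def record_activity(store: Dict[str, CardToken], card_ref: str, handler: str,
                    new_token: str, today: date) -> None:
    """An authorization or settlement returned new_token: it replaces the card's
    last token and its date. The token is keyed by card, not by transaction."""
    store[card_ref] = CardToken(handler, new_token, today)

def due_for_retokenization(store: Dict[str, CardToken], today: date,
                           window: timedelta = timedelta(days=30)) -> List[str]:
    """Cards whose token expires within `window` of today (or already has).
    The 30-day window is an assumed value, not a documented CCP650 setting."""
    due = []
    for card_ref, rec in store.items():
        expiry = rec.expires_on()
        if expiry is not None and expiry <= today + window:
            due.append(card_ref)
    return sorted(due)

def build_sample_store() -> Dict[str, CardToken]:
    """Constructed sample data; card references and tokens are made up."""
    store: Dict[str, CardToken] = {}
    record_activity(store, "card-A", "PayPal", "tok-0001", date(2023, 1, 10))
    record_activity(store, "card-B", "PayPal", "tok-0002", date(2023, 6, 1))
    record_activity(store, "card-C", "CyberSource", "tok-0003", date(2020, 1, 1))
    return store

if __name__ == "__main__":
    store = build_sample_store()
    print(due_for_retokenization(store, date(2023, 12, 20)))  # ['card-A']
```

A new authorization on a card resets its token date, so cards in regular use drop out of the due list without a batch run; only cards idle for most of a year remain.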