2. KnowSystem
  3. Tokenization

Tokenization

New COF Indicators

The iVeri Gateway, in collaboration with Nedbank, has introduced enhanced indicators to explicitly identify whether a transaction is initiated by the cardholder or the merchant, along with the applicable payment types.

These changes define specific transaction scenarios, each with corresponding parameters and merchant profile configurations that must be correctly set.


CIT - COF

Scenario 1 – Cardholder Initiated, Ecommerce Transactions

These are adhoc ecommerce transactions initiated by the customer, typically using tokenized payment credentials.


Parameter & Values Scenario and Conditions
CardHolderPresence: CIT, COF, SecureChannel CIT: Cardholder-initiated transaction 
SecureChannel: Ecommerce transaction without any 3D secure authentication data
COF: Credential On File (Where tokenized data is used)
Merchant Profile Configuration
No configuration requirements 
CardHolderPresence: CIT, COF 
3D secure 2 Parameters 		 CIT: Cardholder-initiated transaction 

COF: Credential on File (Where tokenized data is used) 
Merchant Profile Configuration
3D secure must be enabled, and triggered by the merchant 

MIT - COF 

Scenario 2 –Merchant Initiated, Recurring Transactions

These include recurring or adhoc transactions initiated by the merchant, often using tokenized credentials for periodic payments or unscheduled charges.


Parameter & Values Scenario and Conditions
CardHolderPresence: MIT, COF, Recurring, SecureChannel  MIT: Merchant initiated transaction 
COF: Credential  on File (Where tokenized data is used)
Recurring: Recurring Payment 


SecureChannel: Ecommerce transaction without any 3D secure authentication data

Merchant Profile Configuration
Recurring must be enabled 
CardHolderPresence

MIT, COF, SecureChannel 

 MIT: Merchant-initiated, adhoc transaction where tokenized data is used 
COF: Credential  on File (Where tokenized data is used)


SecureChannel: Ecommerce transaction without any 3D secure authentication data

Merchant Profile Configuration
No configuration requirements 

Legacy Card on File

This section applies to transactions that are first initiated by the cardholder where 3D secure is enforced, whereafter monthly debits can be processed by the merchant. The same principle may be applied for the Batch (product) recurring transactions, even though in the below example we have used a second Enterprise application ID which is not 3DS enforced.


COF & 3D Secure


First 3DS Transaction

Scenario – Cardholder initiated transaction with 3D Secure elements

Parameter & Values

  Scenario and Conditions

Debit with PAN

 

PAN:  

ExpiryDate: 

 

 

Process a transaction by setting and providing the full card details.

Merchant Profile Configuration

 3D secure must be enabled 

Debit with TransactionIndex

 

CardHolderPresence": "COF”

PANFormat 

PAN:  

ExpiryDate: 

TransactionIndex 

 

Process a COF transactions by setting the PANFormat and “Sanitised/tokenised card details

Merchant Profile Configuration

3D secure must be enabled 

The gateway will return the TransactionIndex, masked PAN and Expiry Date, which you will need to store in your database. The following field response values should be stored on your database, linked to the card holder details.

  • TransactionIndex
  • PAN
  • ExpiryDate

COF & MOTO

First Transaction

When performing your first transaction  using application id: 00000000-263b-4315-b2cd-000000000000, the following options are available:

Scenario: Cardholder initiated or merchant-initiated MOTO use case

Parameter  & Value

Scenario & Condition

Debit with PAN

CardHolderPresence": “MOTO, Securechannel”

PAN:  

ExpiryDate

Process transactions by setting CardHolderPrense to MOTO” and providing the full card details

 

Merchant Configuration

None required

 

Debit with TransactionIndex 

CardHolderPresence": "COF, MOTO”

PANFormat 

PAN:  

ExpiryDate: 

TransactionIndex 

 

Process a card of file (COF) transactions by setting the PANFormat and “Sanitised/tokenised card details

Along with CarHolderPresence with COF and MOTO

Merchant Application Configuration

None required

 

The gateway will return the TransactionIndex, masked PAN and Expiry Date, which you will need to store in your database. The following field response values should be stored on your database, linked to the card holder details.

  • TransactionIndex
  • PAN
  • ExpiryDate

COF & Recurring

When processing recurring payments, the merchant should use two application IDs - one for handling initial cardholder-initiated transactions, and the other for managing recurring payments initiated by the merchant.

First Transaction

Scenario – Cardholder Initiate transaction where 3D secure maybe triggered or without

Parameter  & Value

Scenario & Condition

Debit with PAN

PAN:  

ExpiryDate

 

First transaction that is cardholder initiated. This transaction can be 3D secure enforced or without.

Merchant Configuration

If the merchant triggers 3D secure ApplicationID must be enabled for 3DS, otherwise merchant must set CardHolderPresence to “Securechannel”

 

 

Debit TransactionIndex

 

CardHolderPresence: “COF,”

PAN: first 4, last 4 of the card

ExpiryDate

 

 

Cardholder initiated transactions with tokenized data

Merchant Configuration

 

 

The following field response values need to be stored on your database, linked to the card holder details.

  • TransactionIndex
  • PAN
  • ExpiryDate

 

Subsequent Recurring Transaction Message

In the sample below "CardHolderPresence" is set by the merchant on the Debit instruction:

 REST

Request 
{

    "Version": "2.0",

    "CertificateID": "{5c4b9c74-0063-4240-9cff-f730675c5bd0}",

    "ProductType": "Enterprise",

    "ProductVersion": "WebAPI",

    "Direction": "Request",

    "Transaction": {

        "ApplicationID": "{d8d5a94-8fa0-428d-a539-3a5baf166f7f}",

        "Command": "Debit ",

        "Mode": "Test",

        "MerchantReference": "Ned20221214_1117",

        "Currency": "ZAR", 

        "Amount": "1600",

        "ExpiryDate": "1230",

        "PAN": "4242........4242",

        "CardHolderPresence": "COF, "Recurring",

        "PANFormat": "TransactionIndex",

        "TransactionIndex": "7C256903-9097-41AE-81B6-54681B33301F"

        

 

    } 


Response 
{

    "Version": "2.0",

    "Direction": "Response",

    "Transaction": {

        "Amount": "1600",

        "AuthorisationCode": "811045",

        "CCNumber": "4242........4242",

        "Currency": "ZAR",

        "ExpiryDate": "122030",

        "MerchantReference": "Ned20221214_1117",

        "Terminal": "Default",

        "TransactionIndex": "{550B0E5C-AA2A-4A46-B7A4-9543338188D6}",

        "MerchantName": "iVeri Payment Technology",

        "MerchantUSN": "7771777",

        "Acquirer": "NBPostilionNBSouthAfrica",

        "AcquirerReference": "95713:04649948",

        "AcquirerDate": "20230109",

        "AcquirerTime": "091725",

        "DisplayAmount": "R 16.00",

        "BIN": "4",

        "Association": "VISA",

        "CardType": "Unknown CardType",

        "Issuer": "Unknown Issuer",

        "Jurisdiction": "International",

        "PAN": "4242........4242",

        "PANMode": "Tokenized",

        "ReconReference": "04649948",

        "CardHolderPresence": "CardNotPresent", "COF", "Recurring",

        "MerchantAddress": "MERCHANT ADDRESS",

        "MerchantCity": "Sandton",

        "MerchantCountryCode": "ZA",

        "MerchantCountry": "South Africa",

        "DistributorName": "Nedbank",

        "ApplicationID": "{6D8D5A94-8FA0-428D-A539-3A5BAF166F7F}",

        "Command": "Debit",

        "Mode": "Test",

        "RequestID": "{3ED8E51C-24AC-4959-8E8E-F3952DEF019A}",

        "Result": {

            "Status": "0",

            "Code": "0",

            "Description": "",

            "AppServer": "105IVERIAPPPR1N",

            "DBServer": "105iveridbpr01n",

            "Gateway": "Nedbank",

            "AcquirerCode": "00",

            "AcquirerDescription": ""

        }

    }

}

 

SOAP

Request 

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

  xmlns:xsd="http://www.w3.org/2001/XMLSchema" 

xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

  <soap:Body>

  <Execute xmlns="http://iveri.com/">

  <validateRequest>false</validateRequest>

  <protocol>V_XML</protocol>

  <protocolVersion>7.0</protocolVersion>

  <request>

    &lt;V_XML Version="2.0" CertificateID="{5c4b9c74-0063-4240-9cff-f730675c5bd0}" 

    ProductType="Enterprise" ProductVersion="iVeriWebService"

 Direction="Request"&gt; &lt;Transaction ApplicationID="{6d8d5a94-8fa0-428d-a539-3a5baf166f7f}" Command="Debit" Mode="Test"&gt;

    &lt;MerchantTrace&gt;24AZNXBEEE&lt;/MerchantTrace&gt;

    &lt;Amount&gt;2000&lt;/Amount&gt;

    &lt;Currency&gt;ZAR&lt;/Currency&gt;

    &lt;ExpiryDate&gt;042024&lt;/ExpiryDate&gt;

    &lt;MerchantReference&gt;20220104.0931&lt;/MerchantReference&gt;

    &lt;CardHolderPresence&gt;Recurring&lt;/CardHolderPresence&gt;

    &lt;PANFormat&gt;TransactionIndex&lt;/PANFormat&gt;

    &lt;TransactionIndex&gt;7C256903-9097-41AE-81B6-54681B33301F&lt;/TransactionIndex&gt;

    &lt;PAN&gt;4242........4242&lt;/PAN&gt;

    &lt;/Transaction&gt;&lt;/V_XML&gt;

</request>

  </Execute>

  </soap:Body>

  </soap:Envelope>

 


Response 

<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" 

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

    <soap:Body>

        <ExecuteResponse xmlns="http://iveri.com/">

            <ExecuteResult>&lt;V_XML Version="2.0" Direction="Response"&gt;

  &lt;Transaction ApplicationID="{6D8D5A94-8FA0-428D-A539-3A5BAF166F7F}" Command="Debit" Mode="Test" RequestID="{24A1FCA2-69F0-41ED-B5B7-AB07521EE5B6}"&gt;

    &lt;Result Status="0" Code="0" Description="" AppServer="105IVERIAPPPR2N"

 DBServer="105iveridbpr01n" Gateway="Nedbank" AcquirerCode="00" 

AcquirerDescription="" /&gt;

    &lt;MerchantTrace&gt;24AZNXBEEE&lt;/MerchantTrace&gt;

    &lt;Amount&gt;2000&lt;/Amount&gt;

    &lt;AuthorisationCode&gt;811887&lt;/AuthorisationCode&gt;

    &lt;CCNumber&gt;4242........4242&lt;/CCNumber&gt;

    &lt;Currency&gt;ZAR&lt;/Currency&gt;

    &lt;ExpiryDate&gt;042024&lt;/ExpiryDate&gt;

    &lt;MerchantReference&gt;20220104.0931&lt;/MerchantReference&gt;

    &lt;Terminal&gt;Default&lt;/Terminal&gt;

    &lt;TransactionIndex&gt;{C888BD10-0474-495B-84E7-A113C4C74C76}&lt;/TransactionIndex&gt;

    &lt;MerchantName&gt;iVeri Payment Technology&lt;/MerchantName&gt;

    &lt;MerchantUSN&gt;7771777&lt;/MerchantUSN&gt;

    &lt;Acquirer&gt;NBPostilionNBSouthAfrica&lt;/Acquirer&gt;

    &lt;AcquirerReference&gt;95713:04649951&lt;/AcquirerReference&gt;

    &lt;AcquirerDate&gt;20230109&lt;/AcquirerDate&gt;

    &lt;AcquirerTime&gt;093127&lt;/AcquirerTime&gt;

    &lt;DisplayAmount&gt;R 20.00&lt;/DisplayAmount&gt;

    &lt;BIN&gt;4&lt;/BIN&gt;

    &lt;Association&gt;VISA&lt;/Association&gt;

    &lt;CardType&gt;Unknown CardType&lt;/CardType&gt;

    &lt;Issuer&gt;Unknown Issuer&lt;/Issuer&gt;

    &lt;Jurisdiction&gt;International&lt;/Jurisdiction&gt;

    &lt;PAN&gt;4242........4242&lt;/PAN&gt;

    &lt;PANMode&gt;Tokenized&lt;/PANMode&gt;

    &lt;ReconReference&gt;04649951&lt;/ReconReference&gt;

    &lt;CardHolderPresence&gt;CardNotPresent,Recurring

&lt;/CardHolderPresence&gt;

    &lt;MerchantAddress&gt;MERCHANT ADDRESS&lt;/MerchantAddress&gt;

    &lt;MerchantCity&gt;Sandton&lt;/MerchantCity&gt;

    &lt;MerchantCountryCode&gt;ZA&lt;/MerchantCountryCode&gt;

    &lt;MerchantCountry&gt;South Africa&lt;/MerchantCountry&gt;

    &lt;DistributorName&gt;Nedbank&lt;/DistributorName&gt;

  &lt;/Transaction&gt;

&lt;/V_XML&gt;</ExecuteResult>

        </ExecuteResponse>

    </soap:Body>

</soap:Envelope>

Network Tokens

What is Tokenisation?

Tokenization is a process in which the customers sensitive card information is replaced by a unique identifier ("token") which can be used to make online payments. 

What are Network Tokens?

Card Networks like Visa, Mastercard offer tokenization services, where the card network holds the card number (PAN) and replaces with a network token which can be used to effect online payments.

Benefits of Network Tokens

  • Seamless checkout experience and reduced customer friction as the payment token is carried across the payment ecosystem 
  • Reduces transaction failures attributed to expired or stolen cards

iVeri Gateway Token Vs Network Token

  • Network Tokens - Merchants or Payment Service Providers can do a direct integration for tokenization services with the card networks and only make use of the network token during payment instruction to the iVeri Gateway 
  • iVeri Tokens - Merchants processing iVeri tokenised transactions can be enabled for network tokens, the iVeri Gateway will manage the tokenRequest onbehalf of the merchant to the brand networks.

Use Cases

  • Online, ecommerce merchants where card acceptance is processed on web or mobile applications
  • Where merchants have customer profiles, along with card on file payment credentials

Network Token Flows

 

Network Token Parameters -  Auth/Debit to the Gateway

Non 3D Secure Transactions

3D Secure Transactions

Comments

PAN = “Token”

PAN  = “Token”

 As returned by the network scheme

ExpiryDate= “expiry date”

ExpiryDate= “expiry date”

 As returned by the network scheme

CardHolderAuthenticationID  = “TAVV”

 

 

 

CardHolderAuthenticationID = “XID”

 

TAVV as returned by the network scheme for non-3D secure transactions, while for 3D secure the XID value should be passed( if available)

As a note, from an acquirer perspective, and with Visa Tokens, there is only one field that can handle the XID and TAVV values.  In a nutshell, the merchant can either process a 3D secure transaction or Non-3Dsecure transaction. One transaction cannot carry both values at the same time.

ElectronicCommerceIndicator = “SecureChannel”

 

ElectronicCommerceIndicator = “ ECI "

 

For 3D secure transactions, existing ECI's should be passed

  • ThreeDSecure ( "05")
  • ThreeDSecureAttempted ( "06")
  • SecureChannel ("07")

For non 3D secure transactions - only ECI value "SecureChannel" should used

CardHolderPresence =” COF, SecureChannel”

 CardHolderPresence ="COF"

Expected when Non-3D/3D secure transactions are processed.

 

 

 CardHolderAuthenticationData

 For 3D secure transaction, the CardholderAuthenticationData ("CAVV") should be included in the Auth/Debit as is to-date 

The following table outlines applicable parameters when 3D secure or non 3D secure transactions are processed to the iVeri Gateway.

To note, all existing parameters that are applicable for 3D secure transactions remain unchanged. To add, merchants that do not support card on file payment credentials with their customers can still continue to accept and process payments using full card details.

iVeri Token Flows

iVeri Token Parameters -  Auth/Debit to the Gateway

The following table outlines applicable parameters when 3D secure or non 3D secure transactions are processed to the iVeri Gateway. 

Non 3D Secure

3D secure

Comments

PAN =  “first 4 last 4”

PAN  = “first 4 last 4”

As returned by the iVeri Gateway on the initial transaction or token response

ExpiryDate= “expiry date”

ExpiryDate= “expirydate”

 

PANFormat = “TransactionIndex”

 PANFormat =“TransactionIndex”

 

TransactionIndex = iVeri Token (“TransactionIndexValue”)

TransactionIndex = ”  iVeri Token (“TransactionIndexValue”)

 

As returned by the iVeri Gateway

 

CardHolderAuthenticationID = “XID value ”

 

If available, should be included on the Auth/Debit for 3D Secure authenticated transactions

 

ElectronicCommerceIndicator = “ ECI "

For 3D secure transactions, existing ECI's should be passed

  • ThreeDSecure ( "05")
  • ThreeDSecureAttempted ( "06")
  • SecureChannel ("07")

For non 3D secure transactions - only ECI value "SecureChannel" should used

 

 

CardHolderAuthenticationData = "CardHolderAuthenticationData"

For 3D secure transaction, the CardholderAuthenticationData ("CAVV") should be included in the Auth/Debit as is to-date 

CardHolderPresence= "COF"

CardHolderPresence= "COF"

For additional uses cases where tokens can be used, refer to the Card On File - Recurring/Adhoc section.