Skip to content

Visa Token Service

The Visa Token Service (VTS), a security technology by Visa, is designed to protect account information, such as the primary account number, from unauthorized use. It replaces the sensitive card data with a unique token.

Payment service providers and acquiring banks can no longer store customer card data, but use a token from Visa to receive payments. Buyers’ card numbers will only be stored by Visa and issuing banks. This measure significantly reduces the risk of card data interception and makes it way harder for intruders to compromise card data in general.

Once the buyer's card is tokenized in Visa Token Service, s/he receives an SMS notification provided that the relevant notification settings are activated for the buyer's card account.

Example of the data with TAVV cryptogram received from Visa Token Service
{
"vPaymentDataID": "54df012448e3a441b3f714bd56d8eb02",
"paymentInstrument": {
    "last4": "0044",
    "paymentType": {
    "cardBrand": "VISA"
    },
    "paymentAccountReference": "V0010013020315513942420893974"
},
"tokenInfo": {
    "encTokenInfo": "eyJhbGciOiJBMjU2RNN0S1ciLCJpdiI6ImpqU2tyZVhhVmNwckJiX2kiLCJ0YWciOiJoMVAyZUhyQ18zWWZieHRRMlNQakF3IiwiZW5jIjoiQTI1NkdDTSIsInR5cCI6IkpPU0UiLCJraWQiOiI3UE80T1hQVEhJS1czQjNJMUdTTzEzMWU5MGVZcC1sUExtZXRmSXBPbVltVndfTDVJIiwiY2hhbm5lbFNlY3VyaXR5Q29udGV4dCI6IlNIQVJFRF9TRUNSRVQiLCJpYXQiOiIxNjMwMDY2NDQ2In0.FY-AA_658fhzqk5w6jolQcPM_9JUfZa2V-nd3coZl7Q.zwrsFTOjYFMzCq81.iIgOnxfCY55n2eG6wpo6j9UPYoXJLa3H4Z92ug.FNG_yuGFnz_WiD3JhLSWSQ",
    "last4": "0887",
    "expirationDate": {
    "month": "12",
    "year": "2025"
    }
},
"cryptogramInfo": {
    "cryptogram": "AgAAABB6qqnJd0oAmbuXgu8AAAA=",
    "eci": "07",
    "atc": "31402"
}
}
Example of the data with CTAVV cryptogram received from Visa Token Service
{
"vPaymentDataID": "54df012448e3a441b3f714bd56d8eb02",
"paymentInstrument": {
    "last4": "0044",
    "paymentType": {
    "cardBrand": "VISA"
    },
    "paymentAccountReference": "V0010013020315513942420893974"
},
"tokenInfo": {
    "encTokenInfo": "eyJhbGciOiJBMjU2RNN0S1ciLCJpdiI6ImpqU2tyZVhhVmNwckJiX2kiLCJ0YWciOiJoMVAyZUhyQ18zWWZieHRRMlNQakF3IiwiZW5jIjoiQTI1NkdDTSIsInR5cCI6IkpPU0UiLCJraWQiOiI3UE80T1hQVEhJS1czQjNJMUdTTzEzMWU5MGVZcC1sUExtZXRmSXBPbVltVndfTDVJIiwiY2hhbm5lbFNlY3VyaXR5Q29udGV4dCI6IlNIQVJFRF9TRUNSRVQiLCJpYXQiOiIxNjMwMDY2NDQ2In0.FY-AA_658fhzqk5w6jolQcPM_9JUfZa2V-nd3coZl7Q.zwrsFTOjYFMzCq81.iIgOnxfCY55n2eG6wpo6j9UPYoXJLa3H4Z92ug.FNG_yuGFnz_WiD3JhLSWSQ",
    "last4": "0887",
    "expirationDate": {
    "month": "12",
    "year": "2025"
    }
},
"cryptogramInfo": {
    "ctavvCryptogram": "AgAAAAHHHZ/09IEAmbuXgh4AAAA=",
    "eci": "05",
    "cryptogramExpirationDate": "2077-09-27T17:06:09.000Z"
}
}

Make payments with a token received from Visa Token Service

Request

The Demo PSP system allows you to use the data received from Visa Token Service in payment and authorization requests.

To complete a payment and get an operation result, make the following steps:

  1. Decrypt the encTokenInfo data and append them to the JSON as the value of the token key of the decTokenInfo parameter of the tokenInfo object.

  2. Send the obtained result as the value of the request.credit_card.token parameter in the $begateway_vts_decrypted_1_0_0$<base64_Visa Token Service Data_here> format, where <base64_Visa Token Service Data_here> is the JSON you get on Step 1 in the Base64-strict format.

Example of the JSON object with decrypted token
{
"vPaymentDataID": "54df012448e3a411b3f714bd56d8eb02",
"paymentInstrument": {
    "last4": "0044",
    "paymentType": {
    "cardBrand": "VISA"
    },
    "paymentAccountReference": "V0010013020315513942420883974"
},
"tokenInfo": {
"encTokenInfo": "eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6ImpqU2tyZVhhVmNwckJiX2kiLCJ0YWciOiJoMVAyZUhyQ18zWWZieHRRMlNQakF3IiwiZW5jIjoiQTI1NkdDTSIsInR5cCI6IkpPU0UiLCJraWQiOiI3UE80T1hQVEhJS1czQjNJMUdTTzEzMWU5MGVZcC1sUExtZXRmSXBPbVltVndfTDVJIiwiY2hhbm5lbFNlY3VyaXR5Q29udGV4dCI6IlNIQVJFRF9TRUNSRVQiLCJpYXQiOiIxNjMwMDY2NDQ2In0.FY-AA_658fhzqk5w6jolQcPM_9JUfZa2V-nd3coZl7Q.zwrsFTOjYFMzCq81.iIgOnxfCY55n2eG6wpo6j9UPYoXJLa3H4Z92ug.FNG_yuGFnz_WiD3JhLSWSQ",
    "last4": "0887",
    "expirationDate": {
    "month": "12",
    "year": "2025"
    },
    "decTokenInfo": {
    "token": "4417329760000887"
    }
},
"cryptogramInfo": {
    "cryptogram": "AgAAAAB6qqnJd0oAmbuXgu8AAAA=",
    "eci": "07",
    "atc": "31402"
}
}
Example of the request
{
"request":{
    "amount":100,
    "currency":"USD",
    "description":"VTS test transaction",
    "tracking_id":"your_uniq_number",
    "credit_card":{
    "token": "$begateway_vts_decrypted_1_0_0$fn5anNvbgp7CiAgInZQYXltZW50RGF0YUlEIjogIjU0ZGYwMTI0NDhlM2E0MTFiM2Y3MTRiZDU2ZDhlYjAyIiwKICAiY3J5cHRvZ3JhbUluZm8iOiB7CiAgICAiY3J5cHRvZ3JhbSI6ICJbRklMVEVSRURdIiwKICAgICJlY2kiOiAiMDciLAogICAgImF0YyI6ICIzMTQwMiIKICB9LAogICJwYXltZW50SW5zdHJ1bWVudCI6IHsKICAgICJsYXN0NCI6ICIwMDQ0IiwKICAgICJwYXltZW50VHlwZSI6IHsKICAgICAgImNhcmRCcmFuZCI6ICJWSVNBIgogICAgfSwKICAgICJwYXltZW50QWNjb3VudFJlZmVyZW5jZSI6ICJWMDAxMDAxMzAyMDMxNTUxMzk0MjQyMDg4Mzk3NCIKICB9LAogICJ0b2tlbkluZm8iOiB7CiAgICAiZW5jVG9rZW5JbmZvIjogImV5SmhiR2NpT2lKQk1qVTJSME5OUzFjaUxDSnBkaUk2SW1wcVUydHlaVmhoVm1Od2NrSmlYMmtpTENKMFlXY2lPaUpvTVZBeVpVaHlRMTh6V1daaWVIUlJNbE5RYWtGM0lpd2laVzVqSWpvaVFUSTFOa2REVFNJc0luUjVjQ0k2SWtwUFUwVWlMQ0pyYVdRaU9pSTNVRTgwVDFoUVZFaEpTMWN6UWpOSk1VZFRUekV6TVdVNU1HVlpjQzFzVUV4dFpYUm1TWEJQYlZsdFZuZGZURFZKSWl3aVkyaGhibTVsYkZObFkzVnlhWFI1UTI5dWRHVjRkQ0k2SWxOSVFWSkZSRjlUUlVOU1JWUWlMQ0pwWVhRaU9pSXhOak13TURZMk5EUTJJbjAuRlktQUFfNjU4Zmh6cWs1dzZqb2xRY1BNXzlKVWZaYTJWLW5kM2NvWmw3US56d3JzRlRPallGTXpDcTgxLmlJZ09ueGZDWTU1bjJlRzZ3cG82ajlVUFlvWEpMYTNINFo5MnVnLkZOR195dUdGbnpfV2lEM0poTFNXU1EiLAogICAgImxhc3Q0IjogIjA4ODciLAogICAgImV4cGlyYXRpb25EYXRlIjogewogICAgICAibW9udGgiOiAiMTIiLAogICAgICAieWVhciI6ICIyMDIyIgogICAgfSwKICAgICJkZWNUb2tlbkluZm8iOiB7CiAgICAgICJ0b2tlbiI6ICI0eHh4eDA4ODciCiAgICB9CiAgfQp9Cn5+fg=="
    }
}
}

Response

The response to the payment request with the Visa Token Service data will be returned synchronously with operation statuses and fully conforms to payment or authorization operation responses.

List of possible errors

Error Description
{"response"=>{"message"=>"Not allowed"}} Transactions with decrypted Visa Token Service data are not allowed for the shop. Contact your Account Manager.
{"response"=>{"message"=>"Invalid token"}} Transmitted token data can not be parsed. Check the request parameters and values.