Tokenisation
1. Introduction
BillDesk offers a secure way to enable saved card experience across the card networks. Integrate seamlessly with the BillDesk Tokenisation Suite (BTS) for a streamlined and secure checkout experience for your customers.
To save the customer's payment details, merchant only needs to pass some additional parameters when making a payment. In the first payment, BillDesk collects the payment information from the customer and their consent to generate a token. For future use, merchant can make use of BillDesk generated Card Account to process the transactions.
2. Salient Features (Tokenisation Suite)
- BTS enables Card-on-File Tokenisation (CoFT) to offer customers easy checkout by saving cards securely for future transactions
- To save card details, customers need to provide consent for the creation of a unique token for each card at the Merchant website or App
- With customer consent and an Additional Factor of Authentication (AFA), a token is provisioned through a Token Requestor (TR)
- The token is a randomised code provisioned by a Token Service Provider (TSP), which can be a card network or a card issuing bank
- For greater control to the cardholder, the Merchant and the card issuing bank need to provide access to deactivate the tokens created by them
BTS is PCI DSS compliant REST API framework to connect across Token Service Providers.
3. BillDesk Tokenisation Suite Solutions
The BillDesk Tokenisation Suite (BTS) provides three distinct solutions tailored to meet the specific requirements of merchants
Flexibility to save card details for easier checkout.
Save multiple cards by the customer.
Secure processing of saved cards.
Process token based transactions seamlessly.
Unified SDK option for faster integration.
Save card(s) & process token based transactions seamlessly.
4. API Orchestration
The orchestration of the API/s workflow has been explained below:
Transaction Use cases:
API Reference | Description |
|---|---|
The API will provide a card account object as a response, with a unique card account id, that can be used to initiate a transaction. Response will return network token object for Visa, Mastercard, RuPay and Amex cards, and the issuer token object for Diners card. For sample code click here. | |
Retrieve details of a card account either by using the mercid and card account id or the mercid, orderid and customer_refid as inputs. For sample code click here. | |
Merchant can use the list all card accounts API to fetch all the card accounts created for a specific customer_refid. For sample code click here. | |
Merchant can use the delete card account API to delete a card account by providing the merchant id and card account id. For sample code click here. |
5. Expected Status'
In the context of above mentioned workflows, merchant can expect the below status' in the responses. These status' will assist merchants to manage their internal workflows.
Merchants can expect these status codes when they consume any of the above API for their internal workflow management.
Token status
| Status | Description | Terminal State (Yes/ No) |
|---|---|---|
| ACTIVE | Token is in active state | No |
| SUSPENDED | Token had been suspended via issuer/network channel | No |
| CANCELLED | Token had been deleted via issuer/network channel | Yes |
| DELETED | Token had been deleted from merchant portal | Yes |
Updated 6 months ago