Tokenization
The Payment Instrument feature uses tokenization to substitute sensitive data with tokens. Using tokens removes the need of Payment Card Industry (PCI) compliance considerations. As a consequence:
-
With SuiteCommerce Advanced (SCA), you can use a hosted pay page to take payment cards and, depending on your payment method and gateway, keep a token for later.
-
A call center can use an encrypted keyboard to capture credit card info, and then NetSuite gives you a token from the payment gateway for future use.
NetSuite distinguishes between two types of tokens:
-
Payment Card Tokens – represent payment cards without the need to save the payment card number (PAN).
-
General Tokens – represent all types of credentials that are retained from processing alternative payment methods apart from payment cards.
Typically, tokens are created automatically by gateway integrations. You can display information about a token in the UI.
Payment gateways can update a token after the token is used. Note that bulk updates are not supported.
Verifying the Support for CyberSource Tokens
Existing CyberSource integrations can charge imported CyberSource tokens with the Payment Instruments feature enabled.
The token format that can be used with this integration is not limited to 16 digits.
To determine if your CyberSource tokens are supported by the existing CyberSource integration:
-
Enable the Payment Instruments feature. For instructions, see To enable the Payment Instruments feature:.
-
Create a Payment Processing Profile for CyberSource with merchant credentials that support tokens.
-
Create a new Payment Card Token Payment Instrument with values of a token that you get from your third-party integration.
-
Charge the payment card token, and check the result of the payment event.
Note that payment cards preserved directly in NetSuite will not be tokenized by the existing CyberSource integration.
Enabling Payment Card Tokenization
With Payment Instruments, you can tokenize payment cards and use those tokens for payment processing.
To enable payment card tokenization, create a Tokenized Payment Card payment method and enable tokenization on the payment processing profile.
To create an instance of the Tokenized Payment Card payment method type:
-
Go to Setup > Accounting > Accounting Lists > New.
-
On the Add to Accounting Lists page, click Payment Method.
-
In the Name field, enter the name of the new payment method.
-
From the Type dropdown list, select Payment Card Token.
-
(Optional) From the Associated Payment Processing Profiles list, select a profile or profiles that you want to associate with the new payment method.
-
Click Save.
Prerequisites for enabling payment card tokenization on a payment processing profile:
-
The Payment Instruments feature must be enabled.
-
Your plug-in implementation must support tokenization.
-
An instance of the Payment Card Token payment method type must be previously created.
To enable payment card tokenization on a payment processing profile:
-
Go to Setup > Accounting > Payment Processing Profiles.
-
Click Edit on the payment processing profile for which you want to enable tokenization. Alternatively, you can create a new profile by clicking New Payment Processing Profile.
-
In the Tokenization section, check the Replace Payment Card by Token box.
-
From the Payment Card Token Payment Method dropdown list, select a payment method.
-
Click Save.
CyberSource Token Import
This section describes how imported CyberSource tokens are stored in NetSuite.
Token Import with Payment Instruments Disabled
With the Payment Instruments feature disabled, NetSuite stores imported CyberSource tokens as workaround tokens. The tokens are imported into the Credit Card sublist on customer record, and are associated with the Payment Card Tokenized payment method.
Besides the token value, only the expiration date gets imported. Other card info, like the mask, isn’t stored in NetSuite.
Charging workaround tokens with payment instruments enabled will continue to be supported in the future.
Token Import with Payment Instruments Enabled
With the Payment Instruments feature enabled, the way imported CyberSource tokens are stored in NetSuite depends on the third-party system integration:
-
If the integration imports only the expiration date and the token value, the token is imported as an instance of the Payment Card payment instrument type. The mask that NetSuite adopts uses the last four digits of the token, and not the last four digits of the actual payment card.
-
If you import the token with complete information, the token is imported as an instance of the Payment Card Token payment instrument type.