RE: Should we hold a gateway tokens spec call on 30 May? from Steve Sommers on 2017-05-25 (public-payments-wg@w3.org from May 2017)

From: Steve Sommers <steve@shift4.com>
Date: Thu, 25 May 2017 20:27:20 +0000
To: 'Anders Rundgren' <anders.rundgren.net@gmail.com>, 'Olivier Yiptong' <olivier.yiptong@airbnb.com>, Ian Jacobs <ij@w3.org>
CC: "Bhattacharjee, Manash" <Manash.Bhattacharjee@mastercard.com>, "Michel Weksler" <michel.weksler@airbnb.com>, Payments WG <public-payments-wg@w3.org>
Message-ID: <CF20D77A1CB1C34BA3338F5F7C4C8A31101D2854@S4-MAIL02.shift4.com>

Being a gateway, the advantage is that we are the token vault and the payment provider (or better described as the connection to the provider). Being both gives us the advantage of no detokenization requirement for the merchant. For web sites, we have a tokenization form that sits between the cardholder and the merchant site that takes the payment data directly and we provide a token to the merchant site. The merchant only ever sees a token and they use this token as the payment. We also allow using this token for future payments so it is often used in card-on-file environments -- but the token is only valid for the merchant it was originally issued. In these multi-use token instances, we issue a new token for each new transaction the token is used. We recommend that the merchant update their token-on-file with this new token as we place expirations on tokens based on various retention rules. Other gateways may vary but I would assume they have similar features.

Not sure if this was supposed to be answered here but there you are.


Steve Sommers
Senior Vice President, Applications Development

Shift4 Corporation
1491 Center Crossing Road
Las Vegas, NV  89144-7047

702.597.2480 ext. 40400
fax 702.597.2499
www.shift4.com
steve@shift4.com

facebook.com/shift4corp
twitter.com/shift4corp
linkedin.com/companies/shift4-corporation
shift4.com/blog



This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate,distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.

-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren.net@gmail.com]
Sent: Thursday, May 25, 2017 1:10 PM
To: Steve Sommers; 'Olivier Yiptong'; Ian Jacobs
Cc: Bhattacharjee, Manash; Michel Weksler; Payments WG
Subject: Re: Should we hold a gateway tokens spec call on 30 May?

It would be cool if somebody could elaborate a bit on how card-on-file systems could use tokenization.
Card-on-file systems are extremely popular in the US.

Anders

Received on Thursday, 25 May 2017 20:28:01 UTC