Tokenization
The Payment Instrument feature uses tokenization to substitute sensitive data with tokens. Using tokens removes the need of Payment Card Industry (PCI) compliance considerations. As a consequence:
-
SuiteCommerce Advanced (SCA) can use a hosted pay page to accept payment cards, and can, depending on the payment method and the payment gateway, retain a token for later use.
-
A call center can use an encrypted keyboard to retain credit card information, and NetSuite then offers a token, retrieved from the payment gateway after payment processing, for later use.
NetSuite distinguishes between two types of tokens:
-
Payment Card Tokens – represent payment cards without the need to save the payment card number (PAN).
-
General Tokens – represent all types of credentials that are retained from processing alternative payment methods apart from payment cards.
Typically, tokens are created automatically by gateway integrations. You can display information about a token in the UI.
Payment gateways can update a token after the token is used. Note that bulk updates are not supported.
Verifying the Support for CyberSource Tokens
Existing CyberSource integrations can charge imported CyberSource tokens with the Payment Instruments feature enabled.
The token format that can be used with this integration is not limited to 16 digits.
To determine if your CyberSource tokens are supported by the existing CyberSource integration:
-
Enable the Payment Instruments feature. For instructions, see To enable the Payment Instruments feature:.
-
Create a Payment Processing Profile for CyberSource with merchant credentials that support tokens.
-
Create a new Payment Card Token Payment Instrument with values of a token that you get from your third-party integration.
-
Charge the payment card token, and check the result of the payment event.
Note that payment cards preserved directly in NetSuite will not be tokenized by the existing CyberSource integration.
Enabling Payment Card Tokenization
With the Payment Instruments feature, you can tokenize payment cards, and then use payment card tokens for payment processing. To enable payment card tokenization, you must create an instance of the Tokenized Payment Card payment method type, and enable payment card tokenization on the payment processing profile.
To create an instance of the Tokenized Payment Card payment method type:
-
Go to Setup > Accounting > Accounting Lists > New.
-
On the Add to Accounting Lists page, click Payment Method.
-
In the Name field, enter the name of the new payment method.
-
From the Type dropdown list, select Payment Card Token.
-
(Optional) From the Associated Payment Processing Profiles list, select a profile or profiles that you want to associate with the new payment method.
-
Click Save.
Prerequisites for enabling payment card tokenization on a payment processing profile:
-
The Payment Instruments feature must be enabled.
-
Your plug-in implementation must support tokenization.
-
An instance of the Payment Card Token payment method type must be previously created.
To enable payment card tokenization on a payment processing profile:
-
Go to Setup > Accounting > Payment Processing Profiles.
-
Click Edit on the payment processing profile for which you want to enable tokenization. Alternatively, you can create a new profile by clicking New Payment Processing Profile.
-
In the Tokenization section, check the Replace Payment Card by Token box.
-
From the Payment Card Token Payment Method dropdown list, select a payment method.
-
Click Save.
CyberSource Token Import
This section describes how imported CyberSource tokens are stored in NetSuite.
Token Import with Payment Instruments Disabled
With the Payment Instruments feature disabled, NetSuite stores imported CyberSource tokens as workaround tokens. The tokens are imported into the Credit Card sublist on customer record, and are associated with the Payment Card Tokenized payment method.
In addition to the token value, only the expiration date can be imported. Other payment card information, such as the mask, is not stored in NetSuite.
Charging workaround tokens with Payment Instruments enabled will continue to be supported in the future.
Token Import with Payment Instruments Enabled
With the Payment Instruments feature enabled, the way imported CyberSource tokens are stored in NetSuite depends on the third-party system integration:
-
If the integration imports only the expiration date and the token value, the token is imported as an instance of the Payment Card payment instrument type. The mask that NetSuite adopts uses the last four digits of the token, and not the last four digits of the actual payment card.
-
If you import the token with complete information, the token is imported as an instance of the Payment Card Token payment instrument type.