Backend

Network Tokens

Network Tokens replace sensitive card details (like the 16-digit card number, expiration date, and security code) with a unique identifier generated by a card network (e.g. Visa or Mastercard). This token is used to process payments without exposing actual card details, thus adding a layer of security. For merchants, this can also result in higher authorization rates and lower authorization fees.

They’re designed to look exactly like a real card number, complete with a similar length and an expiry date, making them compatible with existing payment infrastructure. Since Network Tokens are simple identifiers and not real card numbers, merchants can store them without expanding their compliance obligations, such as those required by PCI standards.

Unlike traditional card details, Network Tokens are directly linked to specific Merchants. When a Merchant creates a Network Token with the card network, it can only be used for transactions by that Merchant alone. This restriction introduces an additional security measure: should a token be compromised, it can be deactivated without requiring a new card to be issued or impacting Tokens linked to that card across different merchants. This also leads to a significant reduction in fraud risk, as stolen Network Tokens can not be used with any other merchant.

Payments Add-on

Network Tokens are available as part of the Payments Add-on. You can use Sandbox apps to try the feature for free and test the full process without using live data. Once you're ready to transition to processing real transactions, please contact our support team at support@evervault.com.

How Network Tokens work

Tokenization Process
The tokenization journey commences as the merchant gathers the customer's card information on the checkout page. Once the card details are captured, the merchant creates a Network Token by submitting the card details to the relevant card network, such as Visa or Mastercard. The card network first authorizes the tokenization request with the issuer of the card. This authorization step ensures that the token is linked accurately to the card with the issuer's approval. Once tokenization is authorized, the card network generates a unique token that is associated with the merchant. The generated Network Token is then returned to the Merchant and stored for future use.
Processing payments using Network Tokens
During a transaction, a Network Token is sent to the payment gateway or card network instead of the original card details. Once a transaction reaches the network, the token is replaced by the original card details and then processed as usual by the card issuer. As a result, the card details are only handled by the card issuer and the card network, minimizing the number of points where this data is exposed.

The benefits of Network Tokens

Using Network Tokens to process payments offers a number of benefits compared to using raw card details.

Improved authorization rate
Because tokens are issued and recognized by the card networks and are specific to the merchant or transaction type, they often carry additional data that can assist in the authorization process. This data helps issuers more accurately verify the legitimacy of a transaction. As a result, legitimate transactions are less likely to be declined due to suspicion of fraud, improving the overall experience for both customers and merchants. Merchants typically experience a 3% increase in authorization rates when utilizing Network Tokens instead of traditional card numbers.
Automated card updates
Unlike traditional card numbers (which remain static until manually updated by the cardholder in the event of expiry or reissuance), Network Tokens are dynamically updated. Card networks ensure that tokens reflect the most up-to-date card information, including automatic updates for expiration dates or replacement card numbers. This automatic renewal feature removes the common friction point of transactions being declined due to outdated card details.
Reduced fraud risk
Since tokens replace sensitive card information with a unique digital identifier associated with a single merchant, the actual card details are never exposed during the transaction process — minimizing exposure to potential fraud. If a token is compromised, it can be suspended or invalidated by the issuing network without affecting the underlying card or the cardholder's ability to make purchases through other channels.
Lower interchange fees
One of the lesser-known yet financially impactful benefits of adopting network tokens in payment processing is the potential reduction in interchange fees. Interchange fees are the costs that merchants pay to card networks for the processing of credit and debit card transactions. Some card networks offer specific incentives and reduced interchange rates for transactions that utilize network tokens, as part of their push towards adopting more secure payment technologies.
Reduced PCI compliance scope
By using tokens instead of storing, processing, or transmitting card numbers directly, merchants handle less sensitive data. This reduction in handling sensitive data can decrease the complexity and costs associated with maintaining PCI DSS compliance, as the stringent security requirements become applicable to a smaller portion of the merchant's payment ecosystem.
Simplified payment infrastructure
Since the tokenization and de-tokenization processes are handled by the card networks (e.g. Visa or Mastercard), merchants can process payments across different payment gateways without depending on each gateway's proprietary tokenization system. Merchants therefore need only a single tokenization integration to work with various payment processors and gateways, significantly simplifying the payment infrastructure.

Getting started

Evervault provides a set of easy-to-use APIs designed to let you create and use Network Tokens in minutes without having to integrate directly with the card networks.

The Evervault API enables you to tokenize cards with Visa or Mastercard.

Support for additional card networks such as American Express are coming soon. Please contact support@evervault.com if you are interested in using Network Tokens with American Express.

Create a Merchant

Network Tokens are unique to individual merchants, meaning a token can only be utilized by the merchant for whom it was issued. You can create a merchant from the payments section in the Evervault Dashboard or via the Merchants API. When you create a Merchant, we will automatically initiate the enrollment process with each supported card network.

It can take up to 48 hours to enroll a merchant with each of the card networks. If you are still unable to provision network tokens after this period, please contact support@evervault.com

Create a Network Token

After successfully enrolling the merchant, you can create Network Tokens via the Network Token API, making sure to include the merchant ID.

1fetch("https://api.evervault.com/payments/network-tokens", {
2  method: "POST",
3  headers: {
4    "Content-Type": "application/json",
5    Authorization: "Basic " + btoa("<app_id>:<api_key>"),
6  },
7  body: JSON.stringify({
8    card: {
9      number: "4242424242424242",
10      expiry: {
11        month: "09",
12        year: "29",
13      },
14      cvc: "123",
15    },
16    merchant: "merchant_ddsaJsda9d86",
17  }),
18});

This API endpoint is designed to accept both Evervault encrypted values and plaintext values for the card number and the CVC. If card details have been obtained through Card Collection or Relay, these values should be used as received.

Network Tokens are issued synchronously. This ensures that the response to the creation request includes all details of the enrolled token, such as the token number and its expiration date. Since the Card Issuer is involved in the token issuance process, requests may experience high latency and take several seconds to process. Upon successful tokenization, the Network Token becomes immediately available for use in processing transactions.

Process payments with Network Tokens

Network Tokens can be utilized as payment credentials to process charges across several payment gateways for Customer Initiated Transactions (CITs) and Merchant Initiated Transactions (MITs). To utilize Network Tokens during the payment flow, verify that your payment gateway is equipped with the necessary API support for Network Tokens, as they often feature dedicated APIs for processing Network Token transactions.

Merchant Initiated Transactions (MITs)
To process a Merchant Initiated Transaction, the only requirement is the token number and expiry date, both of which can be found in the Network Token object.
Customer Initiated Transactions (CITs)
Customer Initiated Transactions require the generation of a token Cryptogram. This serves as a substitute for the traditional CVC code found on the back of a payment card. The Token Cryptogram is designed for in-memory use only and must be disposed of after each payment attempt, regardless of whether the attempt succeeds or fails.
Token Cryptograms can be generated using the Network Token Cryptogram API.
1const response = await fetch("https://api.evervault.com/payments/network-tokens/network_token_123456789098/cryptograms", { 2 method: "POST", 3 headers: { 4 "Content-Type": "application/json", 5 Authorization: "Basic " + btoa("<app_id>:<api_key>"), 6 }, 7}); 8 9const { cryptogram } = await response.json(); 10 11console.log(cryptogram); 12// NTk0ZjM5M2QyNDMwNDE1MjkzMjg1ZTg5Y2NiZjdmNjE=

Network Token updates

One of the primary advantages of utilizing the Network Tokens API lies in its ability to notify you whenever there is a change to a card. Such changes may occur under various circumstances like a card replacement due to loss, theft, expiration, or the renewal of the token itself. Handling token updates ensures that the tokenized payment credentials on file are always up to date.

The update event can include changes to the number, expiry, card, and status fields.

Error handling

When an issue occurs during the tokenization process, the API generates an error message — each of which are tagged with a distinct code. This feature enables the design of customized error handling strategies, streamlining the resolution of these issues effectively.

Error Codes

payments/network-tokens/ineligible-card
The card is not eligible for tokenization. This may be due to the card issuer not supporting tokenization.
payments/network-tokens/invalid-card
The provided card details did not pass verification checks. This may be due to an invalid card number, an incorrect CVC, or a discrepancy between the provided and actual card expiry date.
If network tokenization occurs while the cardholder is still present, an error message should be displayed. This ensures immediate feedback for correction or verification.
payments/network-tokens/expired-card
The card has expired.
If network tokenization occurs while the cardholder is still present, an error message should be displayed. This ensures immediate feedback for correction or verification.
payments/network-tokens/declined-tokenization
Tokenization for the given card was declined by the card issuer. This may be due to restrictions related to the card type, issuer policies, or the card's current status.
payments/network-tokens/unavailable-token-service
The Token Service Provider is unavailable. Retrying tokenization at a later stage may succeed.
payments/network-tokens/token-service-provider-provisioning
The Token Service Provider is provisioning. Retrying tokenization at a later stage may succeed.

Fallback to PANs

In the event of a transaction decline with a token, it is advisable to attempt the payment authorization again using the PAN (card number) credentials. This best practice ensures a secondary payment route, enhancing the success rate of transactions.

To benefit from card update notifications, you can set up a Webhook Endpoint and subscribe that endpoint to the payments.network-token.updated Webhook Event. Endpoints can be registered using the Evervault Dashboard (App Settings) or programmatically using the Webhook Endpoints API.

Testing your implementation

You can leverage Sandbox apps to test the full merchant enrollment and token creation process without affecting live data. Once you're ready to transition to Live Mode for processing real Network Tokens, please contact our support team at support@evervault.com.

Test cards

In Sandbox mode, you can use specific test cards to simulate various real-life scenarios. These cards can be used in conjunction with any valid expiry date or CVC.

Number	Brand
Successful network tokenization The following test cards will result in a successful network tokenization.
4242 4242 4242 4242	Visa
5555 5555 5555 4444	Mastercard
Ineligible card The following test cards will emulate scenarios where the card issuer doesn't support tokenization.
4111 1101 1663 8870	Visa
5555 5501 3065 9057	Mastercard
Invalid card The following test cards will emulate scenarios where the card is invalid.
4111 1117 3897 3695	Visa
5555 5504 8784 7545	Mastercard
Declined Tokenization Emulates scenarios where the card issuer declines the tokenization request.
4111 1101 4848 6405	Visa
5555 5588 2481 5604	Mastercard
Unavailable Token Service Provider Emulates scenarios where the token service provider is unavailable (e.g., a card network outage).
4111 1160 2899 8260	Visa
5555 5581 2243 2110	Mastercard

What's next

3D Secure
Learn how 3D Secure works and how it can be used to enhance your payment security.
Card Account Updater
Learn how to use Card Account Updater to automatically update card details.

Network Tokens

Payments Add-on

Tokenization Process

Processing payments using Network Tokens

Improved authorization rate

Automated card updates

Reduced fraud risk

Lower interchange fees

Reduced PCI compliance scope

Simplified payment infrastructure

Merchant Initiated Transactions (MITs)

Customer Initiated Transactions (CITs)

Error Codes

Successful network tokenization

Ineligible card

Invalid card

Declined Tokenization

Unavailable Token Service Provider

On this page