What is Tokenization?

Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. Tokenization, which seeks to minimize the amount of data a business needs to keep on hand, has become a popular way for small and mid-sized businesses to bolster the security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations.

Payment card industry PCI standards do not allow credit card numbers to be stored on a retailer's point-of-sale terminal or in its databases after a transaction. To be PCI compliant, merchants must install expensive end-to-end encryption systems or outsource their payment processing to a service provider who provides a "tokenization option." The service provider handles the issuance of the token value and bears the responsibility for keeping the cardholder data locked down. 

In such a scenario, the service provider issues the merchant a driver for the POS system that converts credit card numbers into randomly-generated values (tokens). Since the token is not a primary account number (PAN), it can't be used outside the context of a specific unique transaction with that particular merchant. In a credit card transaction, for instance, the token typically contains only the last four digits of the actual card number. The rest of the token consists of alphanumeric characters that represent cardholder information and data specific to the transaction underway. 

How to Implement Tokenization:

Both the HPP and HPF API Integration documents can be found on this page https://manage.cresecure.com/fdm_folder_files.php?fPath=_8&CDpath=5_30 detailed specifics included for the values and functions required.

CRE Tokenization allows merchants to store credit cards with their approved gateway and obtain an inert card token from CRE Secure that can be used for future payment authorizations. As part of any new payment transaction, as an option, CRE Secure can return a CRE Card Token when used with supported payment gateways. This service is enabled in your CRE Secure profile settings if you have card storage capabilities selected with an approved gateway. Card storage services may be sold separately from your gateway and vary in price and availability with each gateway. Please check with your gateway provider before enabling CRE Card Tokenization Service.

To request a token for the transaction, you must pass an additional parameter with the request. "CRE_Tokenize" is the field name and the value can be one of two parameters:
store_authorize will request a CRE Card Token while processing a payment. The transaciont amount is required for this type of transaction. Both auth_only and auth_capture transactions are compatible with this request.
store_only will request a CRE Card Token without any processing of a payment. An amount is not needed for this type of transaction. A good use case is adding a card on file or updating a card on file in your application.

The token will be returned from CRE in the tokenId field of the XML return to the server.
To use the token to create new transactions, please see the CRE Secure Web Direct Services documentation.

How to Redeem Tokens:

The Web Direct Services documentation can found on this page https://manage.cresecure.com/fdm_folder_files.php?fPath=_8&CDpath=5_30 with detailed specifics included for the values and functions required.