Cielo vault - Cartão Protegido

Store credit cards in a tokenized and secure way in the Cielo vault

Tokenization is a service that allows the secure storage of sensitive credit card data (except for CVV), associating this information with a token (a string of characters that represents that card).

This way, the merchant can use the token for future purchases instead of asking the shopper to re-enter all payment information, providing a better experience for the shopper and higher conversion rates.

The goal of tokenization in the Cielo vault is to store card data securely in an environment certified by PCI DSS, providing a better experience for the shopper and ensuring higher sales conversion.

ℹ️

See how to enable Cartão Protegido.


What are the benefits of card tokenization?

Tokenization allows the secure storage of sensitive credit card data in an environment compliant with PCI DSS standards.

  • Higher conversion rate due to better shopper experience: once the merchant saves the card (tokenized), it is possible to make sales without the shopper needing to re-enter card data (such as for recurring payments, one-click purchases, and cart recovery);
  • Higher conversion rate due to transaction reliability: when tokenization is combined with the use of Card On File (an indicator for stored cards), issuers identify that the transaction refers to a stored card, increasing transaction reliability and approval rate;
  • More security in transactions: using the tokenized card avoids the transmission of real card data between the merchant and Cielo, minimizing the risk of sensitive data exposure and preventing leaks;
  • Secure PCI DSS environment: Cielo has a PCI DSS certified environment, ensuring the integrity and security of sensitive data such as credit card information;
  • Reduced PCI DSS scope: merchants that send tokenized card data reduce the scope required to obtain PCI DSS certification.

Use cases

  • Recurring purchase: allows storing credit card data and processing recurring transactions through payment tokens;
  • One-click purchase: allows storing a credit card, with the cardholder's permission, to make an online payment using the saved card and skipping the step of entering payment data or even the entire shopping cart process;
  • Cart recovery: allows merchants to contact shoppers who may have had issues during purchase, offering a new payment attempt without the shopper needing to re-enter card data.

Best practices for card tokenization

  • Do not create tokens for invalid cards: always validate the card with Zero Auth before tokenizing the card;
  • Do not create a token for the card if the Zero Auth return is a decline with an irreversible code (https://docs.cielo.com.br/ecommerce-cielo-en/page/return-codes-abecs);
  • Only store cards when you have the cardholder's consent;
  • Do not tokenize cards that are linked to any type of confirmed fraud: upon receiving a chargeback notification for fraud, delete the related CardToken from the card database;
  • When using a CardToken, provide the CardOnFile parameters to reinforce that it is a stored card transaction and improve approval chances.

ℹ️

  • Zero Auth is a Cielo tool that allows you to check if a card is valid for making a purchase before the order is completed. Learn more about Zero Auth.

  • Card on File is an indicator that the transaction is using stored card data and can help increase conversion. Learn more about CardOnFile.

⚠️

We recommend updating cards in the vault when:


Saving cards in Cartão Protegido

The API E-commerce Cielo creates a CardToken (a unique identifier in the format 6e1bf77a-b28b-4660-b14f-455e2a1c95e9) that represents the credit card data. The card data* is securely stored by Cielo, while the merchant stores only the CardToken.

To create online payments in the future, the merchant must provide the saved CardToken — there is no need to request the card data from the shopper again.

*Cielo does not store the credit card CVV.

CardToken creation flow

You can create and store the CardToken before or during authorization. The following example covers the creation of the CardToken without an associated transaction.

Creating the CardToken before authorization


  1. The shopper provides the card data (PAN) and allows the merchant to store the card data (for recurring or future one-click purchases).
  2. The merchant requests card validation with Zero Auth.
  3. Zero Auth returns that the card is valid.
  4. The merchant requests card tokenization from the API E-commerce Cielo.
  5. The API E-commerce Cielo creates and stores the CardToken.
  6. The API E-commerce Cielo returns the created token for the card in the CardToken parameter.
  7. The merchant stores the CardToken.
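
The flow above combined with the best practices listed earlier (consent, Zero Auth before tokenizing, no token on an irreversible decline, deletion on a fraud chargeback), as an added example that is not Cielo's code. `MerchantCardVault`, the `zero_auth` and `tokenize` callables, and the return codes `00` and `X1` are assumptions standing in for the merchant's own API client and the real return-code list.

```python
import re

# CardToken shape as shown on the page (8-4-4-4-12 hex characters).
TOKEN_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")

class TokenizationRefused(Exception):
    """Raised when a best-practice check blocks tokenization."""

class MerchantCardVault:
    """Merchant-side record of CardTokens; PAN and CVV are never kept."""

    def __init__(self, zero_auth, tokenize, irreversible_codes):
        # Assumed callables wrapping the merchant's own API client:
        #   zero_auth(card) -> (valid: bool, return_code: str)
        #   tokenize(card)  -> CardToken string
        self._zero_auth = zero_auth
        self._tokenize = tokenize
        self._irreversible = frozenset(irreversible_codes)
        self.tokens = {}  # shopper_id -> CardToken

    def save_card(self, shopper_id, card, consent):
        if not consent:  # step 1: the cardholder must allow storage
            raise TokenizationRefused("no cardholder consent")
        valid, code = self._zero_auth(card)  # steps 2-3: validate first
        if not valid:
            kind = "irreversible" if code in self._irreversible else "reversible"
            raise TokenizationRefused(f"{kind} decline ({code})")
        token = self._tokenize(card)  # steps 4-6: request the CardToken
        if not TOKEN_RE.fullmatch(token):
            raise TokenizationRefused("unexpected CardToken format")
        self.tokens[shopper_id] = token  # step 7: only the token is stored
        return token

    def on_fraud_chargeback(self, token):
        """Delete every record of a CardToken tied to confirmed fraud."""
        hit = [s for s, t in self.tokens.items() if t == token]
        for shopper_id in hit:
            del self.tokens[shopper_id]
        return len(hit)

def demo():
    # Constructed stubs and codes; "00" and "X1" are placeholders, not real codes.
    card = {"number": "4000000000000002", "expiry": "12/2030"}  # constructed PAN
    token = "6e1bf77a-b28b-4660-b14f-455e2a1c95e9"  # format example from the page
    vault = MerchantCardVault(lambda c: (True, "00"), lambda c: token, {"X1"})
    saved = vault.save_card("shopper-1", card, consent=True)
    removed = vault.on_fraud_chargeback(saved)
    return saved, removed, dict(vault.tokens)
```
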

ℹ️

See more at the API Reference