Portuguese (BR)
Docs
API StatusSupport

What is network tokenization?

Create a card token to improve security for your customers

Network tokenization is the creation of a token in the card network's vault, in a process regulated by EMVco. This token replaces the open card data, creating the DPAN (Device Primary Account Number), which is the card in tokenized format, and the cryptogram, which is a unique code for the DPAN in each transaction.

Benefits

  • More security: In addition to creating a code (token or DPAN) to replace the open card information (PAN), the networks also issue cryptograms, which work as a password or signature from the network, unique for each transaction.
  • Higher approval performance: Transactions tokenized at the network tend to increase the chance of approval by issuers, since the open card (PAN) is replaced by the network token (DPAN) in the authorization flow, making the process more secure.

Transparent network tokenization for Visa

This option is already enabled for all API E-commerce Cielo clients. When the merchant sends a transaction with the open Visa card (PAN), Cielo creates and stores a network token (DPAN) with Visa.

ℹ️

Visa charges a 0.05% fee on the transaction amount for transactions submitted with the open card (PAN). Although the API E-commerce Cielo accepts the PAN for transaction creation, Cielo creates and stores a Visa network token for that card to avoid additional costs for the merchant.

For security and compliance with network rules, we recommend that merchants integrate with tokenization and card storage in the Cielo vault.

Cielo facilitated integration

For clients using Cartão Protegido (tokenization in the Cielo vault) and with network tokenization enabled, when Cielo receives a transaction with the CardToken, it will process the transaction using the DPAN (network token) and cryptogram (unique per transaction).

Accepted networks: Visa and Mastercard.

NetworkHow payment data is sentService activation
VisaThe merchant stores and sends the real card data (PAN) or the CardToken in the authorization, and Cielo associates the data with the network token.Enabled for all merchants integrated with API E-commerce Cielo.
MastercardThe merchant stores and sends the CardToken in the authorization, and Cielo associates the CardToken with the network token.Merchants already using tokenization and storage in the vault (CardToken) can enable network tokenization with Cielo support.

⚠️

Warning

The success of DPAN creation is subject to the eligibility of the card BIN according to the card network's rules.

Network tokenization flow


  1. The shopper provides the card data (PAN) and allows the merchant to store the card data (for recurring or future one-click purchases).
  2. The merchant requests card validation with Zero Auth.
  3. Zero Auth returns that the card is valid.
  4. The merchant requests card tokenization from the API E-commerce Cielo.
  5. The API E-commerce Cielo requests network tokenization (DPAN).
  6. The network returns the DPAN and cryptogram to the API E-commerce Cielo.
  7. The API E-commerce Cielo stores the DPAN and creates and stores the CardToken in Cartão Protegido.
  8. The API E-commerce Cielo returns the created token for the card in the CardToken parameter to the merchant.
  9. The merchant stores the CardToken for future transactions.

📘

Please refer to the API Reference to see the full request for Creating a payment using an external network token

Updated 3 days ago