The ways in which you choose to send tokenized payment files to your payment processor depends on your type of business and how you interact with your customers.
• A charity organization may not require immediate authorization for recurring donations for accounts on file, so tokens are sent for nightly batch payment processing.
• A global enterprise may need to send secure file transfers of tokens representing thousands of daily transactions to diverse in-county banks for processing.
• Organizations that store payment information for recurring transactions also expect incoming secure file transfers from payment service providers to refresh card expiry dates or replace PANs for compromised accounts.
In all these cases, tokenization of the payment card data should be done at the very edges of the organization. Even returning account updater files, for example, need to be tokenized before entering your business systems for processing. No matter which way you need to process payments, using tokenization to keep the actual payment data out of your systems and safely vaulted is fundamental to lowering PCI compliance costs and eliminating the risk of data theft.
A note on real-time tokenization: In most cases, tokenization of new PANs begins at the very edges of the business systems—such as web store page, a point of sale device, a call center application, a ticketing/reservation system, or a mobile app—where PANs are encrypted and immediately tokenized by TokenEx. Using this model, PANs are never received, stored, or transmitted by your information systems. Once tokenized, payment data is stored in your business systems, and the routine batch processing of tokenized PANs becomes part of the payment processing routine.