Payment Processing
...
Payment Processing Stages
Set Payment

Tokenized Set Payment

3min

Tokenized Set Payment offers a secure and efficient way to process customer credit card payments. Instead of storing sensitive card details directly in your system, it relies on tokens - unique identifiers that act like reference codes for the actual card information. This significantly reduces the risk of data breaches and streamlines recurring payments, especially beneficial for repeat customers in the apparel industry who might be purchasing new clothes or accessories regularly.

How it Works

A customer visits your online store and makes a purchase. During checkout, they check a box saying "Save this card for future purchases" or similar. They agree to the terms of service, which include allowing the payment provider to store their card information. This generates a secure token representing their card details, without ever revealing the actual card number. Now, for future purchases, they can simply choose their saved payment method and enjoy a faster checkout experience.

Document image


Here's what happens behind the scenes:

  • Customer authorizes tokenization: Your customer authorizes their preferred payment provider to generate a secure token representing their card information. This token never reveals the actual card details.
  • Token sent to UpStart Commerce: You receive the token from the customer or their payment provider. No sensitive card information is ever handled within your system.
  • Secure storage and mapping: We securely store the token in your designated "Payments" table, along with customer ID, cart ID, and other relevant information. We also map the token to the actual card data stored securely with the payment provider.
  • Cart updates payment object: Your shopping cart system accesses the stored token and updates the associated payment object. This allows for displaying payment information and managing the checkout process.
  • Payment processing: When a payment needs to be processed, we send the token to the payment gateway along with transaction details. The gateway then uses the token to securely retrieve the actual card data from the provider and process the payment.

At the Backend

  • Secure Token Generation: Your customer's chosen payment provider creates a unique token representing their card details. This token is like a secure reference code, never revealing the actual card information.
  • Secure Storage and Mapping: We create a secure map linking the token to the actual card data, securely stored with your chosen payment provider. 
  • Secure Payment Processing: When a payment needs to be made, we send the token along with transaction details to the chosen payment gateway.

Additional Information

  • PSP Integration: Tokenized payments are processed through a Payment Service Provider (PSP). PSP handles tokenization and secure storage of card data
  • API Integration: UpStart Commerce provides an API endpoint for tokenized card payments.
    • Required headers: X-Upstart-Tenant, X-Upstart-Site, Authorization (Bearer token)
  • Required Payment Information:
    • Amount to be charged
    • Provider (e.g., "Cybersource")
    • Token representing the card
    • CVV for additional security
    • Billing information (name, email, address)
  • Security Considerations
    • All API calls use HTTPS for data encryption
    • Bearer tokens must be securely managed and rotated regularly
    • CVV required for each transaction, even with tokens