Whether it be for recurring billing or for simply giving your customers the convenience of a fast “checkout” experience, Payment Center has always provided you the ability to store credit card numbers. These numbers are stored encrypted using Salesforce’s encryption technology, and stored in Salesforce’s PCI compliant servers. In addition to this feature, Payment Center now has added support for Tokenization. Tokenization is the process of replacing sensitive payment data with a unique identifier or “token” that cannot be mathematically reversed. So instead of storing the credit card numbers themselves they are stored in the form of tokens.
So how does this work? Simple, here’s how:
- When a payment is made, it is submitted to the payment processor (i.e. CyberSource) for processing.
- Upon successful payment, the processor stores the credit card numbers in their “vault” and creates a corresponding token.
- The token is then passed back to Payment Center for storage. Payment Center can then use the token on future purchases.
The following are the steps necessary in order to use tokenization within Payment Center:
- Enable tokenization with your payment processor (i.e. CyberSource). Each processor has their own different ways of enabling tokenization within their service. Contact your payment processor for more details.
- Enable tokenization in Payment Center. Go to Payment Center Settings tab, then check Store Credit Card/Bank Account:
- Under Payment Processors, click your processor, then check Enable Tokenization (if box is not visible, edit your page layout and display the field on the page):
Tokenization In Action
Below is a sample scenario on how tokenization works within Payment Center:
- Create an invoice and email your customer.
- Your customer receives the invoice and pays online. At this point, your customer enters his/her credit card number:
- Upon successful payment, a profile is created for your customer. The profile contains the token, instead of the credit card number:
- On future purchases, your customer can simply select the stored profile as form of payment:
Tokenization Without Payments
The above scenario works in such a way that a payment needs to be submitted to the processor before a token can be created. But what if you wanted to create and store a token without submitting a payment? Say it takes a couple of days or weeks to fulfill your customer’s order, but you wanted to take the credit card now then charge it later when you’re ready to ship the order?
In the above scenario, what you can do is create a payment profile for the customer then tokenize the profile.
You can also tokenize multiple profiles at once, as shown below: