Payment Center offers the convenience of storing credit card numbers for recurring billing or facilitating a speedy checkout experience. These credit card numbers are securely encrypted using Salesforce's encryption technology and stored on Salesforce's servers, which comply with PCI standards. Furthermore, Payment Center has recently introduced support for Tokenization. Tokenization involves replacing sensitive payment data with a unique identifier or "token" that cannot be mathematically reversed. Rather than storing the actual credit card numbers, Payment Center stores them in the form of tokens, enhancing the security of the stored information.
So how does this work? Simple, here’s how:
- Payment submission: When a payment is made, it is sent to the payment processor (e.g., CyberSource) for processing. The payment processor handles the transaction securely.
- Credit card storage and token generation: Once the payment processor successfully processes the payment, it securely stores the credit card numbers in its "vault" or secure storage. Simultaneously, the processor generates a unique token that corresponds to the stored credit card information.
- Token retrieval: The generated token is then passed back to Payment Center, which receives and stores it in its system for future use.
- Future purchases: When a customer makes subsequent purchases, Payment Center can use the stored token instead of requesting the actual credit card information. This reduces the need to handle and store sensitive payment data within Payment Center's systems.
Enabling Tokenization
To utilize tokenization within Payment Center, you need to follow these steps:
- Enable tokenization with your payment processor (i.e. CyberSource). Each processor has their own different ways of enabling tokenization within their service. Contact your payment processor for more details.
- Enable tokenization in Payment Center. Go to Payment Center Settings tab, then check Store Credit Card/Bank Account:
- Click on your processor under "Payment Processors," then select "Enable Tokenization." If the checkbox is not visible, you can edit your page layout to display the field on the page.
Tokenization In Action
Below is a sample scenario on how tokenization works within Payment Center:
- Create an invoice and email your customer.
- Your customer receives the invoice and pays online. At this point, your customer enters his/her credit card number:
After processing the payment, a payment receipt will be generated, displaying the Payment Profile under the Payment Method section. - Upon successful payment, a profile is created for your customer. The profile contains the token, instead of the credit card number:
- On future purchases, your customer can simply select the stored profile as form of payment:
Tokenization Without Payments
The above scenario works in such a way that a payment needs to be submitted to the processor before a token can be created. But what if you wanted to create and store a token without submitting a payment? Say it takes a couple of days or weeks to fulfill your customer’s order, but you wanted to take the credit card now then charge it later when you’re ready to ship the order?
In the above scenario, what you can do is create a payment profile for the customer then tokenize the profile.
You can also tokenize multiple profiles at once, as shown below: