Skip to main content

What Is Network Tokenization?

Network tokenization replaces a card’s primary account number (PAN) with a token issued by the card network (Visa, Mastercard, or Amex). Unlike PCI Booking’s vault tokens, which are internal references, network tokens are recognized by issuers and can improve authorization rates. A network token is:
  • Bound to your merchant. It cannot be used by anyone else.
  • Automatically updated. When the issuer replaces, renews, or re-issues the card, the network updates the token. No action needed on your side.
  • Tied to a cryptogram. Each transaction generates a unique cryptogram, reducing fraud risk.

Why Use It?

Network tokenization is most valuable for recurring payments and card-on-file scenarios where you store a card long-term and charge it repeatedly.

How It Works with PCI Booking

PCI Booking acts as the Token Requestor with the card networks. You don’t need a direct relationship with Visa, Mastercard, or Amex token services.

From raw card data

  1. You submit card details and cardholder info to PCI Booking’s Network Tokenize a Card endpoint.
  2. PCI Booking submits the request to the card network.
  3. The network issues a network token.
  4. PCI Booking stores the network token and returns a PCI Booking token URI.

From an existing PCI Booking token

If you already have a card stored as a PCI Booking token:
  1. Call Network Tokenize from Token with the existing token URI.
  2. PCI Booking retrieves the card data internally, submits to the network, and stores the resulting network token as a new PCI Booking token.
  3. Optionally delete the original token by setting deleteExisting=true.
In both cases, the resulting PCI Booking token works exactly like any other token for charges, relay, and display.

Supported Networks

Not all cards can be network-tokenized. The issuing bank must support it for the specific card. If a card cannot be tokenized, the API returns error code -150.

Cardholder Information

The card networks use cardholder information for risk scoring when deciding whether to approve the tokenization request. Providing more data increases the chance of approval:
  • Required: First name, last name, IP address, country code
  • Recommended: Email, phone, billing address, postal code
  • Optional: Device location (latitude/longitude), device and account trust scores

Lifecycle Management

Network tokens are managed through PCI Booking:
  • Automatic updates. When the underlying card is renewed or replaced, the network notifies PCI Booking and the token is updated automatically. This is the primary benefit for card-on-file use cases.
  • Deletion. Use Delete Network Token to remove a network token from both the card network and PCI Booking. Always delete network tokens you no longer need.
  • Metadata. Use Retrieve Token Metadata to check if a token is network-tokenized. The NetworkTokenInfo field is present for network tokens.

When to Use Network Tokenization

Good fit:
  • Subscriptions and recurring billing
  • Card-on-file for returning customers
  • Travel bookings with future charge dates
  • Any scenario where you store a card and charge it later
Not needed:
  • One-time payments where the card is used immediately and not stored
  • Token replacement (relay) workflows where you only pass card data to a third party