When performing tokenization (by either Tokenization in Request (Gateway), Tokenization in Response or Universal Tokenization), there may be situations where the card(s) processed cannot be tokenized. In these scenarios, PCI booking will relay the card details as is and will add the reason why the card was not tokenized in a special header
Additionally, in some cases, it may be that the card was tokenized but some of the information mis-matched with the rest of the card details. In these scenarios, PCI Booking will add a
X-pciBooking-Tokenization-Warnings header and provide there explanation as to the mismatched information.
Only valid, non-expired cards are tokenized
PCI compliance applies only to valid cards. Card data with incorrect card numbers or cards which have passed their expiry date do not fall under PCI compliance regulations and so are not tokenized in PCI Booking.
Whenever there is a problem with tokenizing a card, the reason for the tokenization failure will be added to the
X-pciBooking-Tokenization-Errors header. If the message contains more than 1 credit card detail to be tokenized, the
X-pciBooking-Tokenization-Errors header will be formatted as double semi-colon (
;;) separated value list where the location of the error message in the list will match the location of the card in the message.
The cards that were tokenized will be listed as a comma separated value list in the predefined header. The order of the tokens in this list will be in the order that the cards were located in the message.
For example, if there are three credit cards in the message, and the first and third one are correct but the second one is incorrect, the
X-pciBooking-Tokenization-Errors header will look like this:
;;Luhn (Mod10) error;;
Luhn (Mod10) error
PCI Booking uses the Luhn algorithm to verify the card number. If the card number doesn't not match the format of this algorithm (for example, the number is too short), then this error message will be displayed.
The card's expiration date has passed.
Number has less than 12 digits
The card number provided is too short to be a valid card.
Number is longer than 22 chars
The card number provided is too long to be a valid card.
A tokenization warning will be sent whenever there is an issue with the tokenization that does not prevent the PCI Booking system from tokenizing the card - but the customer should be made aware of the issue.
In most cases, the tokenization warnings will only be added when you use the Tokenization in Request (Gateway) method.
Card type validation message
The request contains card type, but the card type doesn't correspond with the card number (e.g. card type = Visa; card number = MasterCard)
The Card type is missing
The request does not contain a card type
Updated over 2 years ago