Keep customer account information up to date and sensitive cardholder data out

The secure tokenization of cardholder data to reduce the
risk of data breaches and minimize the cost and scope of regulatory compliance is
the foundation of TokenEx’s Cloud Security Platform. Additionally, our flexible,
transparent integrations allow for superior functionality and compatibility with
third-party solutions. One such capability is our support for account updater
services, which enables our customers to maintain up-to-date cardholder data
without reintroducing PANs or other sensitive card information to their

Account Updater

An account updater service exchanges account information
updates between card issuers and acquirers (or service providers) for
credential-on-file merchants. The account updater service provider will pass
the account updater files to the credential-on-file merchants to provide the
merchant with up-to-date payment card information, creating a more seamless
payment process as cards expire and new cards are issued. Account updater can
also be offered as a real-time service via an API. This real-time account
updater service allows the merchant to refresh card details at the time of a
customer’s transaction, which can be beneficial for non-subscription merchants.

Typically, merchants store data from multiple card brands,
so the account updater service provider will have to inquire for all brands
included in the merchant’s updater inquiry file. The account updater service
provider will pass on the request for each card to the corresponding card
network, who will find the issuer for each card to retrieve the updated card
information. This information is then compiled into an updater file (an API
response if the request was real-time) that is returned to the service provider
and ultimately to the merchant.

TokenEx’s Vault

The Vault Updater solution is the managed file transfer (MFT)
functionality that allows customers to utilize any account updater service in line
with their universal TokenEx token vault. Vault Updater synchronizes our
customers’ universal token vaults with their account updater service,
preventing the disruption of the standard payment process due to outdated card
information. TokenEx Vault Updater also ensures that our customers can keep
their cardholder data up to date without ever touching a PAN, minimizing their
PCI scope and mitigating the risk of a data breach.

How it

TokenEx’s support of account updater services essentially uses our
standard MFT—a batch-file process that uses the secure file transfer protocol (SFTP)
to transmit data. The only difference is the addition of an updater inquiry
file at the beginning of the process. Here’s an example of a typical data flow for
an account updater integration:

  1. Customer
    sends an updater inquiry file to TokenEx containing the tokens the customer
    wants to update via SFTP.
  2. TokenEx detokenizes the updater inquiry file.
  3. TokenEx sends the updater inquiry file to the
    account updater service provider via SFTP.
  4. The service provider compiles the updater file and returns it to
    TokenEx via SFTP.
  5. TokenEx tokenizes all of the PANs in the file.
  6. TokenEx returns the tokenized updater file to the customer via

That’s it. The new PANs from the updated
accounts are tokenized and safely stored so our customers’ business-as-usual
process can continue uninterrupted. With TokenEx’s Vault Updater support,
customers can choose any account updater service or services they desire to synchronize
their token vaults with account updater.

Topic(s): payments , PCI DSS , tokenization

Keep Up With Our PCI & Privacy Blog