Keep customer account information up to date and sensitive cardholder data out

The secure tokenization of cardholder data to reduce the risk of data breaches and minimize the cost and scope of regulatory compliance is the foundation of TokenEx’s Cloud Security Platform. Additionally, our flexible, transparent integrations allow for superior functionality and compatibility with third-party solutions. One such capability is our support for account updater services, which enables our customers to maintain up-to-date cardholder data without reintroducing PANs or other sensitive card information to their environments.

Account Updater Explained

An account updater service exchanges account information updates between card issuers and acquirers (or service providers) for credential-on-file merchants. The account updater service provider will pass the account updater files to the credential-on-file merchants to provide the merchant with up-to-date payment card information, creating a more seamless payment process as cards expire and new cards are issued. Account updater can also be offered as a real-time service via an API. This real-time account updater service allows the merchant to refresh card details at the time of a customer’s transaction, which can be beneficial for non-subscription merchants.

Typically, merchants store data from multiple card brands, so the account updater service provider will have to inquire for all brands included in the merchant’s updater inquiry file. The account updater service provider will pass on the request for each card to the corresponding card network, who will find the issuer for each card to retrieve the updated card information. This information is then compiled into an updater file (an API response if the request was real-time) that is returned to the service provider and ultimately to the merchant.

TokenEx’s Vault Updater

The Vault Updater solution is the managed file transfer (MFT) functionality that allows customers to utilize any account updater service in line with their universal TokenEx token vault. Vault Updater synchronizes our customers’ universal token vaults with their account updater service, preventing the disruption of the standard payment process due to outdated card information. TokenEx Vault Updater also ensures that our customers can keep their cardholder data up to date without ever touching a PAN, minimizing their PCI scope and mitigating the risk of a data breach.

How it Works

TokenEx’s support of account updater services essentially uses our standard MFT—a batch-file process that uses the secure file transfer protocol (SFTP) to transmit data. The only difference is the addition of an updater inquiry file at the beginning of the process. Here’s an example of a typical data flow for an account updater integration:

  1. Customer sends an updater inquiry file to TokenEx containing the tokens the customer wants to update via SFTP.
  2. TokenEx detokenizes the updater inquiry file.
  3. TokenEx sends the updater inquiry file to the account updater service provider via SFTP.
  4. The service provider compiles the updater file and returns it to TokenEx via SFTP.
  5. TokenEx tokenizes all of the PANs in the file.
  6. TokenEx returns the tokenized updater file to the customer via SFTP.

That’s it. The new PANs from the updated accounts are tokenized and safely stored so our customers’ business-as-usual process can continue uninterrupted. With TokenEx’s Vault Updater support, customers can choose any account updater service or services they desire to synchronize their token vaults with account updater.

Topic(s): payments , PCI DSS , tokenization

Keep Up With Our PCI & Privacy Blog