Token Migration Process

Token Migration Process

Introduction

Token migration is a complex process that requires a comprehensive understanding of payment data security and adherence to strict compliance standards. We, as a payment provider specializing in vertically integrated Software as a Service (SaaS) partners, are committed to making this process as seamless as possible for our partners. This document outlines the step-by-step procedure for migrating Primary Account Number (PAN) tokens, providing all the necessary support and guidance needed.

Process Overview

The migration process involves several key steps:

1. Initiating the official request process with your existing provider.

2. Confirming the destination is PCI L1 certified, a requirement your current provider will stipulate.

3. Providing necessary details based on your existing vendor's capabilities, such as Secure File Transfer Protocol (SFTP), Hypertext Transfer Protocol (HTTP), etc.

4. Receiving the data, migrating it, and retaining your existing tokens or providing a token mapping for you.

Step-by-step Procedure

Step 1: Initiate Official Request with Existing Provider

Initiate the token migration process by formally requesting your existing provider. This step might involve filling out a form or sending an official request email, depending on your provider's policies and procedures. Make sure to specify your intentions and needs clearly, to avoid any potential misunderstandings and delays.

Important information

Your existing processor will require PGP key to encrypt sensitive data. Please use the following PGP migration key.

Key type: RSA 4096 bits

Fingerprint: 044D A822 4FCE FA6F CB3E 043F 3759 94AE E039 1DC1

User ID: [email protected]

Step 2: Confirm PCI L1 Certified Destination

Your existing provider will require that the destination of the token migration be PCI DSS Level 1 certified. We, as your new provider, are fully PCI DSS Level 1 compliant. Once you receive this request from your existing provider, please forward it to us. We will then provide all the necessary documentation and information required by your existing provider to prove the PCI L1 certification status of our systems. This ensures that we adhere to the strictest security standards, protecting sensitive cardholder data.

Step 3: Provide Necessary Details Based on Existing Vendor's Capabilities

Depending on your existing provider's capabilities, they may require certain details to initiate the token migration. This could include the preferred method of transfer (e.g., SFTP, HTTP), our server details, and authentication credentials. When your existing provider requests this information, kindly forward the request to us. We will promptly provide all the necessary information based on your existing provider's requirements.

Step 4: Data Receipt and Migration

Once we receive the token data from your existing provider, we will initiate the migration process. This process involves validating the data, ensuring integrity, and moving the tokens into our secure systems. We will then conduct rigorous testing to ensure that all migrated tokens are functioning as expected.

As part of this migration, the original card number value will be replaced with a masked card number, and an additional column will be added that contains the Platform token.

Conclusion

Through this document, we have outlined the intricate process of PAN token migration. The process, while complex, is designed to ensure a seamless transition, minimal disruption to your operations, and the highest levels of security and compliance. We understand the importance of this transition for your business and are committed to providing you with all the support you need throughout this process. Should you have any questions or require further clarification on any step in this process, please do not hesitate to contact us. Your trust and satisfaction are our top priority.