When a new customer checks out, we want a token to be generated after their credit card is entered so that the cc is not stored on our server. We do not want to charge that credit card until the order (with the token included instead of the cc number) is downloaded. When the customer's data, including the cc number is submitted to authorize.net through the developer API, how is the token returned for storage on our server since the card is not yet authorized. Thanks.
I have somewhat of a follow-up question posted by rreed. I have a similar objectives recalling card info at a later time. But, should we really use CIM profiles for those credit cards that the customers do NOT really want to save and/or manage? For example, guest check-outs.
Does it imply that we need to create, basically, a disposable profile which then will be have to pruned once it's certain that the transaction cycle is really compete?
Reading through the API docs, I also stumbled onto this tokenized credit card concept Tokenized Credit Card. Does this have any relationship to CIM profiles at all?
Can this be an alternative solution? If so, what is the life of the Tokenized Credit Card?
I apologize for the dribble, a newbie member. I would like to add to my earlier post, maybe to clarify things a bit more.
@RichardH's suggestion of creating Profile ID for future use, I assume that when I'm ready to generate a CC transaction against that card, I would then use the method described in payment-transactions-charge-a-customer-profile of the API docs.
But, let's say that the circumstance is that this is guest user placing an order for an item that's on Pre-Order. This one-time use Profile ID would later have to be deleted.
The tokenized credit card concept described in Charge a Tokenized Credit Card section of the API docs, seems to imply a different type of card saving information method which does not involve CIM Profiles at all.
However, I have not been able to find any information on how to create a token for a Credit Card. How long would Authorize.Net retain this token? Do we have any control over the tokens, and etc.
I finally got a clarification from AuthNet's developer support. The tokenized credit card concept described in Charge a Tokenized Credit Card section of the API docs refers to the Visa CheckOut program.
So, not a solution.
Thank you for your answer. I am having issue with CMI too. When I try to use customer profile api I did not got the token. I was told I need to get the token from the bank/payment provider.
Is this true. How can i use the CMI to process credit card again without asking customer to enter their CC number?
When ever I try to use the Customer profile it keep asking me token which I don't have and not sure how can I get token?
Any help will be really appreciated!
Broken Arrow Wear
I understand your confusion. The word "token" or "tokenization" can be confusing and are often used interchangeably across multiple systems and processes.
When you create customer profiles with Authorize.Net Customer Information Manager (CIM), you can securely store sensitive payment data on our servers and we return a "token" which consists of a customer and payment profile id which you can safely store within your application and then use for subsequent transactions.
More recently, several of the card brands have begun using tokenization which replaces sensitive payment information such as a card number with a token. Visa has an excellent infographic which provides a detailed overview.
I hope this helps explain the differences and similarities. Using CIM, you can securely store payment data and use our Authorize.Net specific token consisting of a customer and payment profile for future transactions.