Zero PCI Scope
How It Works
With Forter's tokenization solution, merchants can process payments without handling raw card details, which reduces PCI compliance scope and improves security. The flow has two parts:
- Provisioning Tokens – Obtaining a secure token for a transaction.
- Using Tokens – Utilizing tokens for payments, either in single-use or multi-use forms.
Provisioning Tokens
1. Collecting Card Data
This step ensures that merchants do not handle raw card data. Instead, the Forter Hosted Fields component securely transmits the card details to Forter and returns a single-use token.
Single-use tokens ensure security by preventing direct card data storage. They are the first step before upgrading to a multi-use token for future transactions.
```mermaid
sequenceDiagram
    autonumber
    participant U as Buyer
    participant CP as Checkout Page
    participant HF as Hosted Fields
    participant F as Forter Tokenization Server
    U->>HF: Insert Card Data {cardData}
    HF->>F: Send card data securely {cardData}
    F-->>CP: Response {forterSingleUseToken}
```
2. Pay with Forter token
At this stage, the merchant uses the single-use token to complete a payment.
```mermaid
sequenceDiagram
    autonumber
    participant U as Buyer
    participant CP as Checkout Page
    participant M as Merchant
    participant F as Forter Proxy
    participant P as Network/PSP
    U->>M: Pay {forterSingleUseToken}
    M->>F: Authorization {forterSingleUseToken}
    F->>P: Authorization {cardData}
    P-->>F: Response {authorizationOutcome}
    F-->>M: Response {authorizationOutcome}
    M-->>CP: Payment Succeeded/Failed
    CP-->>U: Payment Succeeded/Failed
```
Once authorized, the transaction is completed, and the merchant may choose to upgrade the token for future use.
3. Upgrade
After a payment, merchants must upgrade a token to enable multi-use transactions, allowing future payments without requiring card re-entry.
Forter provides two solutions for generating a multi-use token:
- Network Token: Preferred by issuers, adds security, and increases approval rates.
```mermaid
sequenceDiagram
    autonumber
    participant M as Merchant
    participant F as Forter Tokenization Server
    %% participant FV as Forter Vault
    participant CN as Card Network
    M->>F: Upgrade to Multi-Use Token <br> {forterSingleUseToken, networkToken.provision=true}
    %% F->>FV: Retrieve Card Data {forterSingleUseToken}
    %% FV-->>F: Response {cardData}
    F->>CN: Provision Network Token {cardData}
    CN-->>F: Response {networkToken}
    F->>F: Create Multi-Use token {cardData, networkToken}
    F->>M: Response {multiUseToken}
    M->>M: Save Forter Token {multiUseToken}
```
- Multi-Use Token without Network Token: If a network token isn’t available, Forter provides its own secure token.
```mermaid
sequenceDiagram
    autonumber
    participant M as Merchant
    participant F as Forter Tokenization Server
    %% participant FV as Forter Vault
    M->>F: Upgrade to Multi-Use Token <br> {forterSingleUseToken}
    %% F->>FV: Create Multi-Use token {forterSingleUseToken}
    %% FV-->>F: Response {multiUseToken}
    F->>M: Response {multiUseToken}
    M->>M: Save Forter Token {multiUseToken}
```
Using Tokens
Once a token has been provisioned, the merchant can use it for future payments. The method depends on whether a Network Token was issued.
Depending on how the token was created, there are two options for using the card:
- Using a Forter Token linked to a Network Token
```mermaid
sequenceDiagram
    autonumber
    participant U as Buyer
    participant CP as Checkout Page
    participant M as Merchant
    participant F as Forter Proxy
    %% participant FV as Forter Vault
    participant PSP as PSP
    participant CN as Card Network
    U->>CP: Pay with selected card
    CP->>M: Pay {selectedCardIndex}
    M->>M: Retrieve Forter Multi-Use token {selectedCardIndex}
    M->>F: Authorization <br> {multiUseToken, networkToken.provision=true}
    %% F->>FV: Retrieve Network Token {multiUseToken}
    %% FV-->>F: Response {networkToken}
    F->>CN: Provision Cryptogram {networkToken}
    CN-->>F: Response {cryptogram}
    F->>PSP: Authorization {cryptogram}
    PSP-->>F: Response {authorizationResult}
    F-->>M: Response {authorizationResult}
    M-->>CP: Payment succeeded/failed
    CP-->>U: Payment succeeded/failed
```
A cryptogram is a secure, time-sensitive authentication value that improves approval rates and security for network token transactions.
- Using a Forter Multi-Use Token (No Network Token)
```mermaid
sequenceDiagram
    autonumber
    participant U as Buyer
    participant CP as Checkout Page
    participant M as Merchant
    participant F as Forter Proxy
    %% participant FV as Forter Vault
    participant PSP as PSP
    U->>CP: Pay with selected card
    CP->>M: Pay {selectedCardIndex}
    M->>M: Retrieve Forter Multi-Use token {selectedCardIndex}
    M->>F: Authorization <br> {multiUseToken}
    %% F->>FV: Retrieve card data {multiUseToken}
    %% FV-->>F: Response {cardData}
    F->>PSP: Authorization {cardData}
    PSP-->>F: Response {authorizationResult}
    F-->>M: Response {authorizationResult}
    M-->>CP: Payment succeeded/failed
    CP-->>U: Payment succeeded/failed
```
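In every flow above, the merchant only ever receives or sends tokens and a card index, never `cardData`. One way a merchant backend can enforce that boundary is to scan each inbound checkout payload (and anything about to be logged) for Luhn-valid card numbers and reject it. This is an added example, not Forter's code; the token value, the `amount` and `debug` fields, and all function names are assumptions.

```python
import re

# 13-19 digits, allowing a single space or dash between digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_pan_leaks(payload, path="$"):
    """Walk a decoded JSON payload; return paths of values that look like a PAN."""
    leaks = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            leaks += find_pan_leaks(value, f"{path}.{key}")
    elif isinstance(payload, list):
        for i, value in enumerate(payload):
            leaks += find_pan_leaks(value, f"{path}[{i}]")
    elif isinstance(payload, (str, int)) and not isinstance(payload, bool):
        for match in PAN_CANDIDATE.finditer(str(payload)):
            if luhn_valid(re.sub(r"\D", "", match.group())):
                leaks.append(path)   # report the field, never the value itself
                break
    return leaks

def assert_token_only(payload):
    """Reject a merchant-side request if any field carries PAN-like data."""
    leaks = find_pan_leaks(payload)
    if leaks:
        raise ValueError(f"raw card data in merchant request at: {', '.join(leaks)}")
    return payload

# Constructed sample requests (token format and extra fields are hypothetical).
OK_REQUEST = {"forterSingleUseToken": "tok_su_constructed_example", "amount": 1999}
BAD_REQUEST = {"forterSingleUseToken": "tok_su_constructed_example",
               "debug": {"notes": ["card 4111 1111 1111 1111 exp 12/30"]}}
```

The Luhn check keeps long order or tracking numbers from triggering the guard, and the error reports only the field path so the rejection itself does not copy card data into logs.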