Credit card tokens are stored in Cus_Credit_Card_Profile.PROFILE_REFERENCE. The date of the token is stored in Cus_Credit_Card_Profile.PROFILE_DATE.Credit card companies have defined security standards that must be followed by companies and organizations taking credit card payments. The purpose of the security standards is to eliminate opportunities for theft and fraud of credit card data. These security standards require payment applications (such as Personify360) to not store full credit card numbers.
The way in which Personify360 complies with credit card security standards is that tokens are used as a replacement for full credit card numbers. A token, which is a random number, serves as a reference to a customer’s real credit card number, but has no exploitable value by itself. The token is a reference to the credit card, not to a transaction.
Any time a credit card authorization or settlement activity is created in Personify360, the credit card processor returns a token, which is stored in Personify360. If the customer had previous activities with the credit card, the last token is updated with the new token, along with the date of the new token.
For organizations using PayPal (formerly known as Verisign), each credit card token is good for one year. The CCP650 batch process will re-tokenize credit cards if the token is about to expire. CyberSource and Vantiv tokens never expire, so organizations using these payment handlers do not need to run the CCP650 batch process.
Credit card tokens are stored in Cus_Credit_Card_Profile.PROFILE_REFERENCE. The date of the token is stored in Cus_Credit_Card_Profile.PROFILE_DATE.