Payment tokens are unique identifiers that replace sensitive payment information and that cannot be mathematically reversed. CyberSource securely stores all the card information, replacing it with the payment token. The token is also known as a subscription ID, which you store on your server.
The payment tokenization solution is compatible with the Visa and Mastercard Account Updater service. Card data stored with CyberSource is automatically updated by participating banks, thereby reducing payment failures. See the Account Updater User Guide (PDF | HTML).
The payment token replaces the card or electronic check bank account number, and optionally the associated billing, shipping, and card information. No sensitive card information is stored on your servers, thereby reducing your PCI DSS obligations.
Instrument identifier tokens created using the Token Management Service (TMS) and third-party tokens represent a payment card number or bank account number. The same card number or bank account number sent in multiple token creation calls results in the same payment token being returned. TMS instrument identifier and third-party tokens cannot be updated. If your merchant account is configured for one of these token types, you receive an error if you attempt to update a token.
When using Secure Acceptance with tokens that represent only the card number or bank account, you must include associated data, such as expiration dates and billing address data, in your transaction request.