Tokenizing Cards

Created by Richard Moore, Modified on Thu, 01 Jun 2023 at 11:07 AM by Richard Moore


One critical aspect of secure payment processing is gateway card tokenization. This guide aims to provide a comprehensive understanding of how gateway card tokenization works and why it is crucial for businesses and consumers alike.

What is Tokenization?

  • Gateway card tokenization is a security measure used in payment processing systems to protect sensitive cardholder data during online transactions. It replaces actual payment card details, such as the primary account number (PAN), with a unique identifier called a token.

Benefits of Tokenization

  • Enhanced Security: By replacing sensitive card data with tokens, gateway card tokenization significantly reduces the risk of cardholder data breaches. Even if a hacker gains access to the tokenized data, it holds no value without the corresponding encryption keys.

  • Compliance with Industry Standards: Tokenization helps businesses comply with Payment Card Industry Data Security Standard (PCI DSS) requirements by minimizing the scope of sensitive data storage. With tokenization, the burden of maintaining strict security controls and protecting cardholder data is shifted to the tokenization service provider.
  • Improved User Experience: Tokenization simplifies the checkout process for customers. By securely storing payment credentials, customers can make future purchases without re-entering their card details. This convenience enhances the user experience and reduces cart abandonment rates.

Using Tokenization on Exact

Exact is certified as a PCI DSS Level 1 compliant service provider. This is the highest level of security certification in the payments industry.


Exact strongly recommends using ExactJS Payment Forms to collect the payment details of your customers for payments. The guide here explains how to tokenize payments using ExactJS:

<input type="hidden" name="token" id="token">
<input type="hidden" name="card_brand" id="card_brand">
<input type="hidden" name="expiry_month" id="expiry_month">
<input type="hidden" name="expiry_year" id="expiry_year">
<input type="hidden" name="last4" id="last4">
<input type="hidden" name="order_id" id="order_id">


The API is another option for tokenizing payments. Unlike ExactJS the API can be used to store bank account information.

Note: With the API the merchant is handling the customer credit card information. For this reason Exact recommends ExactJS over the API when tokenizing card data.

Create Payment Method for a Given Account (credit card):

  "type": "card",
  "billingDetails": {
    "name": "Test Payment Method",
    "email": "[email protected]",
    "phone": "5555555555",
    "address": {
      "line1": "12621 N Frank Lloyd Wright Blvd",
      "city": "Scottsdale",
      "state": "AZ",
      "country": "USA",
      "postalCode": "85259"
  "card": {
    "number": "4111111111111111",
    "cvc": "123",
    "expiry": {
      "month": 10,
      "year": 2030
    "tokenType": "gateway",
    "cvcIndicator": "present"

The type and token are returned:

"type": "card",
"token": "b0575637-c08a-4785-bdbf-c8040959ca32"

Create Payment Method for a Given Account (ACH):

  "type": "ach",
  "billingDetails": {
    "name": "ACH Test",
    "email": "[email protected]",
    "phone": "8889997777",
    "address": {
      "line1": "123 136th",
      "city": "Fort Lauderdale",
      "state": "FL",
      "country": "USA",
      "postalCode": "33333"
  "ach": {
    "routingNumber": "1234567",
    "accountNumber": "123456789",
    "bankAccountType": "checking"

The type and token are returned:

"type": "ach",
"token": "v5729172-b90a-2431-cfqa-p6925487vb62"

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article