Payment Network Tokenization Using the SCMP API

Transcription

1 Title Page Payment Network Tokenization Using the SCMP API Supplement to Credit Card Services Using the SCMP API June 2016 CyberSource Corporation HQ P.O. Box 8999 San Francisco, CA Phone:

2 CyberSource Contact Information For general information about our company, products, and services, go to For sales questions about any CyberSource Service, or call or (toll free in the United States). For support information about any CyberSource Service, visit the Support Center at Copyright 2016 CyberSource Corporation. All rights reserved. CyberSource Corporation ("CyberSource") furnishes this document and the software described in this document under the applicable agreement between the reader of this document ("You") and CyberSource ("Agreement"). You may use this document and/or software only in accordance with the terms of the Agreement. Except as expressly set forth in the Agreement, the information contained in this document is subject to change without notice and therefore should not be interpreted in any way as a guarantee or warranty by CyberSource. CyberSource assumes no responsibility or liability for any errors that may appear in this document. The copyrighted software that accompanies this document is licensed to You for use only in strict accordance with the Agreement. You should read the Agreement carefully before using the software. Except as permitted by the Agreement, You may not reproduce any part of this document, store this document in a retrieval system, or transmit this document, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written consent of CyberSource. Restricted Rights Legends For Government or defense agencies. Use, duplication, or disclosure by the Government or defense agencies is subject to restrictions as set forth the Rights in Technical Data and Computer Software clause at DFARS and in similar clauses in the FAR and NASA FAR Supplement. For civilian agencies. Use, reproduction, or disclosure is subject to restrictions set forth in subparagraphs (a) through (d) of the Commercial Computer Software Restricted Rights clause at and the limitations set forth in CyberSource Corporation's standard commercial agreement for this software. Unpublished rights reserved under the copyright laws of the United States. Trademarks CyberSource, The Power of Payment, CyberSource Payment Manager, CyberSource Risk Manager, CyberSource Decision Manager, CyberSource Connect, Authorize.Net, and echeck.net are trademarks and/or service marks of CyberSource Corporation. All other brands and product names are trademarks or registered trademarks of their respective owners. 2

3 Contents CONTENTS Recent Revisions to This Document 4 About This Guide 5 Audience and Purpose 5 Conventions 5 Related Documents 6 Customer Support 6 Chapter 1 Payment Network Tokenization 7 Terminology 7 Integrating Payment Network Tokenization 7 In-App Transactions 8 Optional Features 11 Processor-Specific Information 11 Recurring Payments 11 Appendix A API Fields 13 Formatting Restrictions 13 Data Type Definitions 13 Relaxed Requirements for Address Data and Expiration Date 14 Request-Level Fields 16 Reply Fields 21 Appendix B Examples 24 Payment Network Tokenization Using the SCMP API June

4 Recent Revisions to This Document REVISIONS Release Changes June 2016 Added supported acquirers for OmniPay Direct. See page 7. May 2016 Added support for Streamline: List of supported processors under "Integrating Payment Network Tokenization," page 7 "Processor-Specific Information," page 11 Added the payment_network_token_device_tech_type field. See page 17. April 2016 Added the following reply fields (see page 21): auth_payment_card_service auth_payment_card_service_result auth_transaction_qualification auth_reversal_payment_card_service auth_reversal_payment_card_service_result Updated the description of the e_commerce_indicator field. See page 17. March 2016 Added the Relaxed Requirements for Address Data and Expiration Date section. See page 14. Updated the values for the e_commerce_indicator field. See page 17. December 2015 Updated the Related Documents section. See page 6. Added support for Moneris: List of supported processors under "Integrating Payment Network Tokenization," page 7 "Processor-Specific Information," page 11 October 2015 Added support for OmniPay Direct: List of supported processors under "Integrating Payment Network Tokenization," page 7 "Processor-Specific Information," page 11 Payment Network Tokenization Using the SCMP API June

5 About This Guide ABOUT GUIDE Audience and Purpose This document is written for application developers who want to add payment network tokenization functionality to an order management system that already uses CyberSource credit card services. This document assumes that you are already familiar with the CyberSource credit card services as described in Credit Card Services Using the SCMP API. Updating the CyberSource credit card services requires software development skills. You must write code that uses the API request and reply fields to integrate the payment network tokenization functionality into your existing order management system. Conventions The following special statement is used in this document: Note A Note contains helpful suggestions or references to material not contained in this document. The following text conventions are used in this document: Table 1 Text Conventions Convention Meaning bold Field and service names in text; for example: Include the ics_applications field. monospace XML elements. Code examples. Values for API fields; for example: Set the ics_applications field to ics_auth. Payment Network Tokenization Using the SCMP API June

6 About This Guide Related Documents Getting Started with Apple Pay on the CyberSource Platform (PDF HTML) Getting Started with CyberSource Advanced for the SCMP API (PDF HTML) Credit Card Services Using the SCMP API (PDF HTML) Card-Present Processing Using the SCMP API (PDF HTML) Refer to the Support Center for complete CyberSource technical documentation: Customer Support For support information about any CyberSource service, visit the Support Center: Payment Network Tokenization Using the SCMP API June

7 Payment Network Tokenization CHAPTER 1 Terminology Table 2 Payment Network Tokenization Terminology Term Cryptogram In-app transaction Definition Unique encrypted value that is dynamically generated by a chip and used for authentication for in-app transactions. E-commerce transaction for which an application on the customer s mobile device provides the token data. Integrating Payment Network Tokenization Processors: American Express Direct Chase Paymentech Solutions CyberSource through VisaNet. FDC Compass FDC Nashville Global GPN Moneris OmniPay Direct. The supported acquirers are: First Data Merchant Solutions (Europe) Global Payment International Acquiring Streamline TSYS Acquiring Solutions Payment Network Tokenization Using the SCMP API June

8 Chapter 1 Payment Network Tokenization Service: Authorization see Credit Card Services Using the SCMP API for information about requesting the authorization service. Card Types: Visa MasterCard American Express Payment network tokenization enables you to request a payment transaction with a token instead of a primary account number (PAN). This guide explains how to use payment network tokenization in credit card transactions. Note This document describes how to integrate the pass-through processing of tokens into your order management system. It does not describe token provisioning. For information about token provisioning, contact your token service provider. Note Payment network tokenization and CyberSource payment tokenization are not the same feature. With payment network tokenization, the token is created by a token service provider and can be used throughout the financial network. With CyberSource payment tokenization, the token is created by CyberSource and can be used only with CyberSource services. In-App Transactions For in-app transactions, payment network tokenization uses some of the payer authentication request fields. This approach to payment network tokenization simplifies your implementation if your order management system already uses payer authentication. In the authorization request: Set the account number field to the token value instead of to the customer s PAN. Obtain the token value from the token service provider. The account number field is customer_cc_number. Set the expiration date fields to the token expiration date instead of to the credit card expiration date. Obtain the token expiration date from the token service provider. The expiration date fields are customer_cc_expmo and customer_cc_expyr. Include the transaction type field, which is payment_network_token_transaction_ type. Payment Network Tokenization Using the SCMP API June

9 Chapter 1 Payment Network Tokenization On CyberSource through VisaNet you can choose to include the requestor ID field, which is payment_network_token_requestor_id. Include the following payer authentication fields: For Visa requests: e_commerce_indicator=vbv or internet cavv=cryptogram xid=cryptogram For MasterCard requests: e_commerce_indicator=spa ucaf_authentication_data=cryptogram ucaf_collection_indicator=2 For American Express requests: For the American Express card type, the cryptogram is a 20-byte or 40-byte binary value. Note On some processors, American Express SafeKey is not supported, but you can use the American Express SafeKey fields for payment network tokenization. For a 20-byte cryptogram, send the cryptogram in the cardholder authentication verification value (CAVV) field. e_commerce_indicator=aesk cavv=block A of the cryptogram For a 40-byte cryptogram, split the cryptogram into two 20-byte binary values (block A and block B). Send the first 20-byte value (block A) in the cardholder authentication verification value (CAVV) field. Send the second 20-byte value (block B) in the transaction ID (XID) field. e_commerce_indicator=aesk cavv=block A of the cryptogram xid=block B of the cryptogram Include the basic fields required for every authorization request: bill_address1 bill_city bill_country Payment Network Tokenization Using the SCMP API June

10 Chapter 1 Payment Network Tokenization bill_state required only for transactions in the U.S. and Canada. bill_zip required only for transactions in the U.S. and Canada. card_type CyberSource strongly recommends that you send the card type even if it is optional for your processor. Omitting the card type can cause the transaction to be processed with the wrong card type. currency customer_ customer_firstname customer_lastname grand_total_amount or offer0:amount ics_applications merchant_id merchant_ref_number For descriptions of these fields, see Request-Level Fields in Credit Card Services Using the SCMP API. After a successful authorization request, the rest of the credit card processing proceeds as described in Credit Card Services Using the SCMP API. Payment Network Tokenization Using the SCMP API June

11 Chapter 1 Payment Network Tokenization Optional Features Processor-Specific Information Table 3 Optional Features Supported for Each Processor Processor American Express Direct Chase Paymentech Solutions CyberSource through VisaNet FDC Compass FDC Nashville Global GPN Moneris OmniPay Direct Streamline TSYS Acquiring Solutions Supported Optional Features Payment network tokenization is supported for recurring payments. Payment network tokenization is supported for multiple captures and recurring payments. Payment network tokenization is supported for split shipments and recurring payments. Payment network tokenization is supported for multiple captures and recurring payments. Payment network tokenization is supported for recurring payments. Payment network tokenization is supported for multiple captures, split shipments, and recurring payments. Payment network tokenization is supported for recurring payments. Payment network tokenization is supported for multiple captures and recurring payments. Payment network tokenization is supported for recurring payments. Payment network tokenization is supported for recurring payments. Recurring Payments To create a recurring payment that uses payment network tokenization: Step 1 For the first recurring payment, the type of request you need to send depends on which processor and card type you are using. For MasterCard and American Express transactions on FDC Nashville Global, include the following fields and values in the request for the first payment: e_commerce_indicator=spa or aesk depending on the card type auth_first_recurring_payment=y Payment Network Tokenization Using the SCMP API June

12 Chapter 1 Payment Network Tokenization customer_cc_cv_number For all card types on OmniPay Direct, request a non-recurring transaction and include the following fields and values in the request for the first payment: e_commerce_indicator=vbv or spa depending on the card type auth_first_recurring_payment=y For all other processors and card types, send a request for a credit card authorization that uses payment network tokenization as described in "Integrating Payment Network Tokenization," page 7. Set the e-commerce indicator to vbv, spa, or aesk depending on the card type. Step 2 For each subsequent recurring payment: Set the e-commerce indicator to recurring. The e-commerce indicator field is e_commerce_indicator Include the transaction type field, which is payment_network_token_ transaction_type. Do not include the cryptogram. For a complete description of recurring payments, see Credit Card Services Using the SCMP API. Payment Network Tokenization Using the SCMP API June

13 API Fields APPENDIX A Formatting Restrictions Unless otherwise noted, all fields are order and case insensitive and the fields accept special characters such #, and %. Note Values for request-level and offer-level fields must not contain carets (^) or colons (:). However, they can contain embedded spaces and any other printable characters. When you use more than one consecutive space, CyberSource removes the extra spaces. Data Type Definitions Data Type Date and time Decimal Description Format is YYYY-MM-DDThhmmssZ, where: T separates the date and the time Z indicates Coordinated Universal Time (UTC), which is also known as Greenwich Mean Time Example: T224757Z equals August 11, 2016, at 22:47:57 (10:47:57 p.m.) Number that includes a decimal point Examples: 23.45, -0.1, 4.0, Integer Whole number {..., -3, -2, -1, 0, 1, 2, 3,...} Nonnegative integer Whole number greater than or equal to zero {0, 1, 2, 3,...} Positive integer Whole number greater than zero {1, 2, 3,...} String Sequence of letters, numbers, spaces, and special characters Payment Network Tokenization Using the SCMP API June

14 Appendix A API Fields Relaxed Requirements for Address Data and Expiration Date Processors: American Express Direct Chase Paymentech Solutions CyberSource through VisaNet FDC Compass FDC Nashville Global GPN OmniPay Direct To enable relaxed requirements for address data and expiration date, contact CyberSource Customer Support to have your account configured for this feature. Historically, this data was mandated by CyberSource. With the advent of digital payments and an increasingly global e-commerce environment, CyberSource decided to relax the requirements for address data and expiration date. Relaxed requirements for address data and expiration date make the following fields optional for payment processing: bill_address1 bill_city bill_country bill_state bill_zip: if you include this field in your request, you must also include bill_country. customer_cc_expmo: if you include this field in your request, you must also include customer_cc_expyr. customer_cc_expyr: if you include this field in your request, you must also include customer_cc_expmo. customer_ customer_firstname customer_lastname Payment Network Tokenization Using the SCMP API June

15 Appendix A API Fields Important When relaxed requirements for address data and expiration date are enabled for your CyberSource account, and your service request does not include one or more of the fields in the preceding list, you increase the risk of declined transactions and fraud depending on your location, your processor, and the cardholder's issuing bank. It is your responsibility to determine whether a field is required for the transaction you are requesting. For example, effective October 2014, an issuing bank can decline an authorization request for a recurring transaction with a Visa Europe card if the expiration date is incorrect, invalid, or missing. If you do not provide the correct expiration date for a recurring transaction, the authorization request may be declined. Payment Network Tokenization Using the SCMP API June

16 Appendix A API Fields Request-Level Fields Important When you send an authorization request with payment network tokenization data, you must include the basic fields required for every authorization request. For information about the non-payment network tokenization fields required for authorization requests, see Table 4 Request-Level Fields Field Description Used By: Required (R) or Optional (O) cavv Visa Cryptogram for payment network tokenization transactions. The value for this field must be 28-character base64 or 40-character hex binary. All cryptograms use one of these formats. American Express For a 20-byte cryptogram, set this field to the cryptogram for payment network tokenization transactions. For a 40-byte cryptogram, set this field to block A of the cryptogram for payment network tokenization transactions. The value for this field must be 28-character base64 or 40-character hex binary. All cryptograms use one of these formats. CyberSource through VisaNet The value for this field corresponds to the following data in the TC 33 capture file: Record: CP01 TCR8 Position: Field: CAVV version and authentication action. ics_auth (Required for in-app payment network tokenization transactions with Visa or American Express) Data Type & Length String (40) Payment Network Tokenization Using the SCMP API June

17 Appendix A API Fields Table 4 Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) e_commerce_indicator In-App Transactions Type of payer authentication fields that are being used for the payment network tokenization transaction. Possible values: aesk: American Express SafeKey ics_auth (Required for payment network tokenization) Data Type & Length String (13) spa: MasterCard SecureCode vbv or internet: Verified by Visa payment_network_ token_assurance_level payment_network_ token_device_tech_ type Important For Visa in-app transactions, the vbv value is mapped to the Visa ECI value 5 and the internet value is mapped to the Visa ECI value 7. Note For recurring payments, set this field to a value from the preceding list for the first payment and set this field to recurring for subsequent payments. Confidence level of the tokenization. This value is assigned by the token service provider. This field is supported only for CyberSource through VisaNet and FDC Nashville Global. Type of technology used in the device to store token data. Possible values: 001: Secure element (SE) Smart card or memory with restricted access and strong encryption, which prevents tampering. To store payment credentials, an SE is tested against a set of requirements defined by the payment networks. This technology is used by Apple Pay. 002: Host card emulation (HCE) Emulation of a smart card by using software to create a virtual and exact representation of the card. Sensitive data is stored in a database that is hosted in the cloud. To store payment credentials, a database must meet very high level security requirements that exceed PCI DSS. This technology is used by Android Pay. This field is supported only for FDC Compass. ics_auth (O) String (2) ics_auth (O) ics_credit (O for standalone credits; otherwise, not used.) Integer (3) Payment Network Tokenization Using the SCMP API June

18 Appendix A API Fields Table 4 Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) payment_network_ token_requestor_id payment_network_ token_transaction_type Value that identifies your business and indicates that the cardholder s account number is tokenized. This value is assigned by the token service provider and is unique within the token service provider s database. This field is supported only for CyberSource through VisaNet and FDC Nashville Global. Type of transaction that provided the token data. This value does not specify the token service provider; it specifies the entity that provided you with information about the token. Possible values: 1: In-app transaction. An application on the customer s mobile device provided the token data for an e-commerce transaction. For recurring transactions, use this value if the original transaction was an in-app e-commerce transaction. ics_auth (O) ics_credit (O for standalone credits; otherwise, not used.) ics_auth (Required for payment network tokenization) Data Type & Length Integer (11) String (1) Payment Network Tokenization Using the SCMP API June

19 Appendix A API Fields Table 4 Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) pos_environment Operating environment. Possible values: 0: No terminal used or unknown environment. 1: On merchant premises, attended. ics_auth (Optional for in-app payment network tokenization transactions.) Data Type & Length String (1) 2: On merchant premises, unattended, or cardholder terminal. Examples: oil, kiosks, self-checkout, home computer, mobile telephone, personal digital assistant (PDA). Cardholder terminal is supported only for MasterCard transactions on CyberSource through VisaNet. 3: Off merchant premises, attended. Examples: portable POS devices at trade shows, at service calls, or in taxis. 4: Off merchant premises, unattended, or cardholder terminal. Examples: vending machines, home computer, mobile telephone, PDA. Cardholder terminal is supported only for MasterCard transactions on CyberSource through VisaNet. 5: On premises of cardholder, unattended. 9: Unknown delivery mode. S: Electronic delivery of product. Examples: music, software, or etickets that are downloaded over the internet. T: Physical delivery of product. Examples: music or software that is delivered by mail or by a courier. This field is supported only for American Express Direct and CyberSource through VisaNet. CyberSource through VisaNet For MasterCard transactions, the only valid values are 2 and 4. ucaf_authentication_ data Cryptogram for payment network tokenization transactions with MasterCard. ics_auth (Required for in-app payment network tokenization transactions with MasterCard) String (32) Payment Network Tokenization Using the SCMP API June

20 Appendix A API Fields Table 4 Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) ucaf_collection_ indicator xid Required field for payment network tokenization transactions with MasterCard. Set the value for this field to 2. Visa Cryptogram for payment network tokenization transactions. The value for this field must be 28-character base64 or 40-character hex binary. All cryptograms use one of these formats. American Express For a 20-byte cryptogram, do not include this field in requests for payment network tokenization transactions. For a 40-byte cryptogram, set this field to block B of the cryptogram for payment network tokenization transactions. The value for this field must be 28-character base64 or 40-character hex binary. All cryptograms use one of these formats. ics_auth (Required for in-app payment network tokenization transactions with MasterCard) ics_auth (Required for in-app payment network tokenization transactions with: - Visa - American Express for 40-byte cryptograms only) Data Type & Length String with numbers only (1) String (40) Payment Network Tokenization Using the SCMP API June

21 Appendix A API Fields Reply Fields The fields in this section are supported only for CyberSource through VisaNet. Important When you send an authorization request with payment network tokenization data, you receive basic fields returned by every authorization response. For information about the non-payment network tokenization reply fields, see Table 5 Reply Fields Field Description Returned By Data Type & Length auth_payment_card_ service auth_payment_card_ service_result MasterCard service that was used for the transaction. MasterCard provides this value to CyberSource. Possible value: 53: MasterCard card-on-file token service This field is returned only for CyberSource through VisaNet. Result of the MasterCard card-on-file token service. MasterCard provides this value to CyberSource. Possible values: C: Service completed successfully. F: One of the following: Incorrect MasterCard POS entry mode. The MasterCard POS entry mode should be 81 for an authorization or authorization reversal. Incorrect MasterCard POS entry mode. The MasterCard POS entry mode should be 01 for a tokenized request. Token requestor ID is missing or formatted incorrectly. I: One of the following: Invalid token requestor ID. Suspended or deactivated token. Invalid token (not in mapping table). T: Invalid combination of token requestor ID and token. U: Expired token. W: Primary account number (PAN) listed in electronic warning bulletin.this field is returned only for CyberSource through VisaNet. ics_auth String (2) ics_auth String (1) Payment Network Tokenization Using the SCMP API June

22 Appendix A API Fields Table 5 Reply Fields (Continued) Field Description Returned By Data Type & Length auth_reversal_ payment_card_service auth_reversal_ payment_card_service_ result auth_transaction_ qualification MasterCard service that was used for the transaction. MasterCard provides this value to CyberSource. Possible value: 53: MasterCard card-on-file token service This field is returned only for CyberSource through VisaNet. Result of the MasterCard card-on-file token service. MasterCard provides this value to CyberSource. Possible values: C: Service completed successfully. F: One of the following: Incorrect MasterCard POS entry mode. The MasterCard POS entry mode should be 81 for an authorization or authorization reversal. Incorrect MasterCard POS entry mode. The MasterCard POS entry mode should be 01 for a tokenized request. Token requestor ID is missing or formatted incorrectly. I: One of the following: Invalid token requestor ID. Suspended or deactivated token. Invalid token (not in mapping table). T: Invalid combination of token requestor ID and token. U: Expired token. W: Primary account number (PAN) listed in electronic warning bulletin.this field is returned only for CyberSource through VisaNet. Type of authentication for which the transaction qualifies as determined by the MasterCard authentication service, which confirms the identity of the cardholder. MasterCard provides this value to CyberSource. Possible values: 1: Transaction qualifies for MasterCard authentication type 1. 2: Transaction qualifies for MasterCard authentication type 2. This field is returned only for CyberSource through VisaNet. ics_auth_reversal String (2) ics_auth_reversal String (1) ics_auth String (1) Payment Network Tokenization Using the SCMP API June

23 Appendix A API Fields Table 5 Reply Fields (Continued) Field Description Returned By Data Type & Length card_suffix payment_network_ token_account_status payment_network_ token_assurance_level payment_network_ token_original_card_ category payment_network_ token_requestor_id Last four digits of the cardholder s account number. This field is returned only for tokenized transactions. You can use this value on the receipt that you give to the cardholder. This field is returned only for CyberSource through VisaNet and FDC Nashville Global. Possible values: N: Nonregulated R: Regulated This field is returned only for CyberSource through VisaNet. Confidence level of the tokenization. This value is assigned by the token service provider. This field is returned only for CyberSource through VisaNet and FDC Nashville Global. MasterCard product ID associated with the primary account number (PAN). For the possible values, see MasterCard Product IDs in Credit Card Services Using the SCMP API. This field is returned only for MasterCard transactions on CyberSource through VisaNet. Value that identifies your business and indicates that the cardholder s account number is tokenized. This value is assigned by the token service provider and is unique within the token service provider s database. This value is returned only if the processor provides it. This field is supported only for CyberSource through VisaNet and FDC Nashville Global. ics_auth String (4) ics_auth String (1) ics_auth String (2) ics_auth String (3) ics_auth Integer (11) Payment Network Tokenization Using the SCMP API June

24 Examples APPENDIX B Example 1 In-App Authorization Request for Visa merchant_id=foster_city_flowers merchant_ref_number= customer_firstname=jane customer_lastname=smith bill_address1=100 Main Street bill_address2=suite 1234 bill_city=foster City bill_state=ca bill_zip=94404 bill_country=us customer_ =jsmith@example.com currency=usd grand_total_amount=16.00 customer_cc_number= customer_cc_expmo=12 customer_cc_expyr=2031 ics_applications=ics_auth cavv=ehuww9pibkwvqe5jurwdzaufbak= e_commerce_indicator=vbv xid=ehuww9pibkwvqe5jurwdzaufbak= payment_network_token_transaction_type=1 Payment Network Tokenization Using the SCMP API June

25 Appendix B Examples Example 2 In-App Authorization Request for MasterCard merchant_id=foster_city_flowers merchant_ref_number= customer_firstname=jane customer_lastname=smith bill_address1=100 Main Street bill_address2=suite 1234 bill_city=foster City bill_state=ca bill_zip=94404 bill_country=us customer_ =jsmith@example.com currency=usd grand_total_amount=16.00 customer_cc_number= customer_cc_expmo=12 customer_cc_expyr=2031 ics_applications=ics_auth e_commerce_indicator=spa ucaf_authentication_data=ehuww9pibkwvqe5jurwdzaufbak= ucaf_collection_indicator=2 payment_network_token_transaction_type=1 Example 3 In-App Authorization Request for American Express merchant_id=foster_city_flowers merchant_ref_number= customer_firstname=jane customer_lastname=smith bill_address1=100 Main Street bill_address2=suite 1234 bill_city=foster City bill_state=ca bill_zip=94404 bill_country=us customer_ =jsmith@example.com currency=usd grand_total_amount=16.00 customer_cc_number= customer_cc_expmo=12 customer_cc_expyr=2031 ics_applications=ics_auth cavv=ehuww9pibkwvqe5jurwd e_commerce_indicator=aesk xid=bkwvqe5jurwdzaufbak= payment_network_token_transaction_type=1 Payment Network Tokenization Using the SCMP API June