Universal Tokens

Securely collect, store, and analyze payment data across in-person and online channels. Reduce your PCI scope by up to 90%, increase authorization rates, and send payment data to multiple processors.

Key Benefits

Minimize PCI Compliance Burden

Replace sensitive data with non-sensitive tokens and spend less time, money, and resources on PCI audits.

Secure payment data across all channels

Multiple options to capture payment data from websites, mobile apps, APIs, or in person with a PCI-validated Point-to-Point Encryption (P2PE) solution.

Improve payment authorization

Seamlessly switch, add, or remove payment processors to maximize your transaction approvals.

Gain customer insights

Tracking customer purchases across channels and processors is easy with all your payment data in a single location.

How it Works

Securely accept payments…everywhere

Accept payment information across different channels, all while reducing your PCI scope and gaining flexibility and control over your payments.

With Universal Tokens, you have one payment token that spans your in-person and online channels and all your payment processors. This eliminates storing payment data in multiple systems, reduces system complexity and improves customer data analysis.

You also minimize risk by keeping sensitive information out of your company’s internal systems.

Acceptance Channels:

In-person: Point-to-Point Encryption (P2PE)
Web: Hosted iFrame, Browser-Based Encryption
Mobile App: Mobile API
File: Batch
API: Token Services API
Phone: Call Centers

Processor compatibility and flexibility.

Send sensitive payment information to any payment processor or third-party partner, with the flexibility to easily add or change processors as needed. Optimize your authorization rates by sending transactions to the ideal processor.

Transparent Gateway

Send or receive sensitive payment card information with any payment processor, gateway, or API endpoint.
Save development time by leveraging existing API integrations.

Payment Services

Pre-built connections to popular payment gateways
Saves development time with a single API integration for multiple payment gateways

Request a Demo

Featured Resource

Customer Story

VIVRI: Maximize business growth and revenue with payment flexibility

FAQ

What are Universal Tokens?

Universal Tokens are non-sensitive payment tokens that can be stored in place of sensitive credit card information. Whenever payment information is needed, the token is sent to IXOPAY. IXOPAY will swap out the token with the actual credit card information and send it to a payment processor. Tokens from IXOPAY are ‘universal’ because they work across all processors and payment channels.

What is PCI DSS 4.0? Do Universal Tokens make it easier to comply with the PCI DSS standards?

PCI DSS 4.0 is the latest version of the Payment Card Industry Data Security Standards (PCI DSS). These standards specify the process and procedures companies must implement to protect credit card information that passes through its systems.

Using IXOPAY to accept payment information makes it easier to comply with PCI DSS requirements. By using Universal Tokens to accept payment information, you avoid storing sensitive data in your company’s internal systems. Instead, you only store a non-sensitive token. Since no credit card information is stored in your systems, you can eliminate up to 90% of PCI DSS requirements. Additionally, this protects your system in case of a breach since it is not possible to reverse engineer the original payment information from a token.

I can tokenize for free with my payment processor(s). Why should I use IXOPAY?

By working with IXOPAY, you have ‘universal’ payment tokens that can be used across any payment processor. This is beneficial because it prevents you from being “locked in” with your payment processor. This will make it easy to switch or add processors without losing or transferring your stored payment information. As your business grows, having multiple processors (rather than being “locked in” to a single processor) allows you to expand your business into other regions, increases your authorization rates, and gives you control over your payment data. Typically, when using a payment processor’s tokens, you are locked into that processor and can only use those tokens with that processor. This creates complexity when you add, change, or remove payment processors.

Does IXOPAY have a PCI-validated point-to-point encryption (P2PE) for accepting card present payments?

Yes, the IXOPAY P2PE solution for in-person (card present) payments is PCI-validated. This validation significantly reduces your PCI scope, reducing the number of PCI requirements you need to meet by up to 90% and lowering the time and cost of PCI audits.

Why is using IXOPAY better than building my own system for handling payment data?

IXOPAY provides a single token that can be used across all payment service providers, allowing you to add or switch gateways/acquirers without retokenizing or managing yet another set of tokens. In addition, IXOPAY has a comprehensive suite of tokenization solutions, exceeding those offered by most payment gateways. Our tokenization solutions can also include the provisioning and life-cycle management of network tokens, which can be used with any gateway/acquirer that supports them.

You can remove the burden of managing multiple sets of tokens specific to each acquirer or gateway that issued them. IXOPAY's agnostic tokens can be used with any gateway or acquirer. This helps increase your acceptance rates by routing transactions to the best processor for a transaction and allows you to potentially recover declined transactions by routing the transaction to an alternative provider.

Do Universal Tokens support my payment processor(s)?

Yes, IXOPAY Universal Tokens can connect to any payment processor or 3rd party API endpoint.

What are the different ways I can accept payment data with Universal Tokens?

Universal Tokens offer a variety of ways to accept payment data in a secure and PCI-compliant manner. The most common methods to accept are in-person (P2PE), web (iFrame), and mobile app (Mobile API). Additionally, we can accept data via API (Proxy Tokenization), File (Batch), or Phone (Call Center Solutions).

With Universal Tokens, you can receive payment information from any of these channels and send it to any payment processor you use. This eliminates the burden of storing payment information in multiple systems and makes identifying customer insights across your payment channels easier.

Partner	Name	Description	Duration
IXOPAY GmbH	cookiesConsent	Cookie Banner. Stores your cookie settings.	12 Months
IXOPAY GmbH	_fm	User centric security cookie to detect authentication abuses. Filters out computer/bot generated Website requests.	30 Minutes
Google Ireland Limited	reCAPTCHA	User centric security cookie to detect if a human being or a computer is making a specific entry in our contact or newsletter form.	6 Months
Cloudflare Inc.	cf_clearance	Used by Cloudflare (Website Security Network) to identify trusted web traffic, and protect our website against malicious activity (see Cloudflare's Cookie Informations).	30 minutes

Partner	Name	Description	Duration
Google Ireland Limited	_ga	Analytical cookie set by the service Google Analytics used to distinguish visitors. Collects data about number of visits and user journey.	2 years
Google Ireland Limited	_gid	Analytical cookie set by the service Google Analytics used to distinguish visitors. Collects data about number of visits and user journey.	24 h
Google Ireland Limited	_gat_ua-keynumber	Analytical cookie set by the service Google Analytics used to throttle the request rate, limiting the collection of data on Websites with high traffic.	Session
Google Ireland Limited	_ga_container-id	Cookie set by the service Google Analytics 4. The cookie is used to persist session state.	12 month
Microsoft Ireland Operations Limited	Clarity	Analytical service capturing your interactions on the Website such as how the page has rendered and what interactions you had on the Website (surfing behavior: mouse movements, clicks, scrolls). Microsoft collects or receives personal data from us to provide Microsoft Advertising (see Microsoft Privacy Statements). Sensitive content such as passwords, usernames, and user input are masked before sending to Microsoft.	12 months
Dealfront Group GmbH	_lfa	Analytical service that collects the visitor IP address to detect corporate visits and their geographic location. Leadfeeder only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visit data is aggregated Dealfront Group GmbH / Analytical service that collects the visitor IP address to detect corporate visits and their geographic location. Dealfront only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visitor data is aggregated on the company level (no reference to natural persons). Via a connection to Google Analytics, Dealfront shows company visitors' interactions on the Website (pages viewed, visitor source and duration of session). Dealfront also enriches that company data with contact data for individuals from publicly available data sources (eg. LinkedIn).	24 months

Partner	Name	Description	Duration
Google Ireland Limited	_gcl_au	Conversion-cookie set by the service Google Ads for assessing advertisement efficiency across our Websites and on websites of our marketing- & advertising partners.	3 months
Google Ireland Limited	_gac_gb_container-id	Cookie which connects Google Analytics und Google Ads. Google Ads website conversion tags will read this cookie.	90 days
Microsoft Ireland Operations Limited	Universal Event Tracking (UET)	Conversion-cookie set by the service Microsoft Advertising for assessing advertisement efficiency across our Websites and on websites of our marketing- & advertising partners. In general, the cookie in the relevant domain and your IP address are passed to Microsoft with every http request and not just via UET.	13 months