We want Tokens to be used on our entire site, but want to know if they are in a global vault or are they submerchant specific?
We want Tokens to be used on our entire site, but want to know if they are in a global vault or are they submerchant specific?
Tokens are merchant specific. In other words, a token issued to Merchant A cannot be used by Merchant B.
Most acquirers can configure restrictions on tokens, not only by merchant, but also by banner if additional security is needed. It is typical by MID (Merchant ID), so you can also have the reverse problem where you may want to use the same token for multiple MID.
.
If you use multiple platforms with the same acquirer, e.g. one for card present, and one for Ecom, it is important to confirm the token can be used in both environments.
Keep in mind, the word token can mean many different things. You can have a transaction token (say for reversals), a card token that can only be used for fraught purposes or customer tracking (e.g. a non-de-cryptable hash, also called a non-reusable token), or one that can be used for follow on transactions, e.g. billing, pre-auth completion, etc (also called a reusable token).
And then there are variations on that (e.g. a reusable token that included the expiry date, or not)
Tokens are merchant specific. In other words, a token issued to Merchant A cannot be used by Merchant B.