A. Available documentation

B. Additional information for internal use 

(some copy pasting from the above to make it simpler for internal teams)

What token are we talking about?

Token is a widely used term. Here we speak about VISA / Mastercard using a combination of “PAN + Merchant” to create a Network token that can be used for subsequent transactions, for ONE merchant only. Merchant in this context means the company, the legal entity, and can have multiple accounts at different banks. Not the account.

How does it work?

1. When someone joins for the first time, before processing the payment, RocketGate will get a Network Token (NT) and a cryptogram. The Network Token is permanent. The Cryptogram is to be on one transaction only. The NT and the Cryptogram will be used instead of the full PAN.

2. Subsequent transactions:

2.1 For MIT transaction (recurring and unscheduled like post-paid), only the NT is (re)-used.

2.2 For MIT transaction, the NT is (re)-used + a new cryptogram needs to be requested

  • PAN remains mandatory, and us used as a fallback is NT cannot be used for any reason
  • Network token is under PCI scope


The feature works for the following business models:

  • One-time sales
  • Unscheduled MIT with Network Token available in card-on-file.
  • Subscription model - join and rebill. Similarly to Unscheduled MIT, rebill will be processed with Network Token if it's available in card-on-file. 

If the processor supports the feature, RocketGate will always process the transaction with the token first. If the transaction is declined, RocketGate will automatically re-attempt the transaction with the PAN. This does not require a mercant option. 

The feature is not supported on:

  • Xsell (one-time sale or subscription)
  • Rebills which are sent as upsell.  

The benefits

The Compliance part

Network Tokens, despite the slow movement on a lot of processors, is mandated by the schemes
  • Mastercard calls this the SCOF (Secure Card On File) using the MDES framework - AN 6996 and AN 8181
    • Due date: May 1st, 2024
    • Assessment (fees): June 30, 2024
  • VISA Secure Credential Framework AI 12435
    • Due Date  +fees: October 1st, 2023
Some of processors in Europe are planning to apply behavioral fees starting late Q1 and in Q2, while US seems to move slower.

Billing structure

  • Network Token cost is in addition to the transaction cost, just like 3DS
  • RocketGate bills per "Network Token event" :
    • Creation of a Network Token - success and decline
    • Creation of a Cryptogram - success and decline

How to enroll a merchant

- Merchant needs to contact support@rocketgate.com, then our Support team will follow the Wrike https://www.wrike.com/workspace.htm?acc=406828#folder/1250702192/list?filters=status%3Dactive&showDescendants=0&sidePanelItemId=1250701789&sortOrder=10&spaceId=-1&viewId=229466133

How to configure a merchant to go live

- Merchant decides which accounts and/or sites to use first

- RocketGate configures it

- Merchant has nothing to do on their side

Who can use it?

- All merchants. Industry does not matter. Integration does not matter.

Any development required by the merchant

- NO

- Optional:  RocketGate Transaction History API has the flag "PAN / Token", the merchant can use it if they'd like.

RocketGate readiness

Pilot - since Oct. 2023January 2024NextLater
All the others
Transaction TypeSalesInitial

Customers enrolled in NTNewNewNewExisting
ReportingNet Sales
Approval Ratio

CascadingCascade to PAN to another processors - cascading configured
Cascade to PAN on the same processor - without cascading configured
Fraud and CB----

Card Updateryes, unlinkedyes, unlinkedyes, unlinkedyes,  linked
Card Art------yes
Automated billing----Yes
Usage optimization------Yes