Introducing the MetaToken

At Shift4, we do all that we can to get cardholder data out of your merchant environment. We use P2PE on the front end to keep the data from entering your environment at the point of swipe, then return a TrueToken® on the back end so that you can keep a record of the transaction without having to worry about storing card data.  We also have solutions for tokenizing e-commerce form entries and even reservation data. All together, it’s a combination we are proud to provide to our merchant customers – and one that has some great benefits. This method is incredibly effective at reducing your breach profile and drastically limiting the scope of your PCI audits.

We do, however, realize that there is one limitation merchants face when they never see the actual card number: they lose the ability to track a customer by the card they use. As big data analytics have become increasingly popular over the past couple of years, we’ve been working on a solution to allow our merchant customers to link transactions to a particular card (or customer) without undoing all of the security and scope reduction that they have achieved by eliminating card data from their environment in the first place.

Today, we share with you the fruits of our efforts, the MetaToken.

The MetaToken is a token that remains constant for a particular card number (PAN). MetaTokens allow merchants who don't want cardholder data in their system to still maintain a one-to-one relationship with the card for marketing and loyalty analytics. These MetaTokens can be tracked across multiple transactions and even multiple revenue centers, and will allow merchants to analyze card usage for the life of the card (even past the expiration date, assuming the same card number is reissued upon expiry). The same MetaToken will be returned each time a specific card is used whether it is for a purchase, credit return, card-on-file, bill-backs, recurring membership/subscription payment, etc.

MetaTokens are 16-digit numeric values, which greatly simplifies the amount of development needed to integrate them into any existing analytics tools you may be using. They will allow merchants to keep the tracking capabilities of unsecure one-to-one tokens and to gain the security and scope reduction capabilities of TrueTokenization®. While they may look like credit card numbers, MetaTokens are specifically designed never to pass Lunh Mod 10, which means your POS/PMS will instantly recognize it as an invalid account number should you try to run an authorization on it.

The technology is currently in testing with a few of our POS/PMS vendor partners, and we will be rolling it into full production in the next few months. If you’d like to be first in line, be sure to give us a call or send an email to support@shift4.com.