Token Migration Process

Token Migration Process


Token migration is a complex process that requires a comprehensive understanding of payment data security and adherence to strict compliance standards. We, as a payment provider specializing in vertically integrated Software as a Service (SaaS) partners, are committed to making this process as seamless as possible for our partners. This document outlines the step-by-step procedure for migrating Primary Account Number (PAN) tokens, providing all the necessary support and guidance needed.

Process Overview

The migration process involves several key steps:

  1. Initiating the official request process with your existing provider.

  2. Confirming the destination is PCI L1 certified, a requirement your current provider will stipulate.

  3. Providing necessary details based on your existing vendor's capabilities, such as Secure File Transfer Protocol (SFTP), Hypertext Transfer Protocol (HTTP), etc.

  4. Receiving the data, migrating it, and retaining your existing tokens or providing a token mapping for you.

Step-by-step Procedure

Step 1: Initiate Official Request with Existing Provider

Initiate the token migration process by formally requesting your existing provider. This step might involve filling out a form or sending an official request email, depending on your provider's policies and procedures. Make sure to specify your intentions and needs clearly, to avoid any potential misunderstandings and delays.

Step 2: Confirm PCI L1 Certified Destination

Your existing provider will require that the destination of the token migration be PCI DSS Level 1 certified. We, as your new provider, are fully PCI DSS Level 1 compliant. Once you receive this request from your existing provider, please forward it to us. We will then provide all the necessary documentation and information required by your existing provider to prove the PCI L1 certification status of our systems. This ensures that we adhere to the strictest security standards, protecting sensitive cardholder data.

Step 3: Provide Necessary Details Based on Existing Vendor's Capabilities

Depending on your existing provider's capabilities, they may require certain details to initiate the token migration. This could include the preferred method of transfer (e.g., SFTP, HTTP), our server details, and authentication credentials. When your existing provider requests this information, kindly forward the request to us. We will promptly provide all the necessary information based on your existing provider's requirements.

Step 4: Data Receipt and Migration

Once we receive the token data from your existing provider, we will initiate the migration process. This process involves validating the data, ensuring integrity, and moving the tokens into our secure systems. We will then conduct rigorous testing to ensure that all migrated tokens are functioning as expected.

Step 5: Retain Existing Tokens or Provide Token Mapping

We can retain your existing token identifiers or provide a token mapping based on your preference. Retaining existing tokens can facilitate the transition, particularly if your systems or processes are designed around specific token identifiers. Alternatively, we can provide a token mapping that maps your existing token identifiers to new ones in our system. This can provide an additional layer of security and can be beneficial if you're looking to restructure your token identifiers as part of the migration.


Through this document, we have outlined the intricate process of PAN token migration. The process, while complex, is designed to ensure a seamless transition, minimal disruption to your operations, and the highest levels of security and compliance. We understand the importance of this transition for your business and are committed to providing you with all the support you need throughout this process. Should you have any questions or require further clarification on any step in this process, please do not hesitate to contact us. Your trust and satisfaction are our top priority.

Last updated