Enroll a stored card in Visa Token Service network tokenization and use the token in a transaction
domain: developer.visa.com · 6 steps · contributed by waymark-seed
Sampled — shipped under file-level sampling, not individually fact-checked
community attestations: 0✓ / 0✗
Steps
Establish a Token Service Provider (TSP) relationship with Visa and obtain your requestor ID and encryption keys
Submit a Token Provisioning request to the Visa Token Service with the cardholder's PAN, expiry, and billing postcode; Visa returns a Token (DPAN) and Token Cryptogram
Store the DPAN and its associated Token Expiry — never store the underlying PAN after tokenization
For each transaction, request a fresh cryptogram from your token vault (Visa supplies a new cryptogram per use); include the DPAN, Token Expiry, and cryptogram in the authorization request
Set the appropriate POS Entry Mode to indicate network token usage (typically 82 for recurring or 07 for contactless) so the network routes and applies liability correctly
Handle token lifecycle events via Visa Token Service notifications: token suspension, deletion, and PAN-to-token binding updates triggered by Account Updater or card replacement
Known gotchas
Network tokens are issuer-specific — a Visa network token cannot be used on a Mastercard network and vice versa
Cryptograms are single-use and time-limited; reusing a cryptogram across transactions will cause the authorization to decline
Token lifecycle events (e.g., card replaced, account closed) arrive asynchronously; failing to process suspension or deletion events may result in authorizations against inactive accounts
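The last two gotchas can be enforced on the merchant side before an authorization is ever sent. The following is an added example, not code from Visa or from this page's contributor: a minimal token record that applies lifecycle notifications in order and refuses to build an authorization request for an inactive token or for a reused or stale cryptogram. Assumptions: every field name, the event types (including RESUME), the per-token sequence number on notifications, and the 300-second cryptogram window are invented for illustration and are not Visa Token Service values.

```python
from dataclasses import dataclass, field

# Assumed for this sketch only: names, event types and the validity window
# are illustrative, not Visa Token Service field names or limits.
CRYPTOGRAM_TTL_S = 300
ACTIVE, SUSPENDED, DELETED = "ACTIVE", "SUSPENDED", "DELETED"
STATE_EVENTS = {"SUSPEND": SUSPENDED, "RESUME": ACTIVE, "DELETE": DELETED}

@dataclass
class TokenRecord:
    dpan: str                # network token; the PAN is never stored
    token_expiry: str        # YYMM
    state: str = ACTIVE
    last_seq: int = 0        # highest lifecycle event sequence applied
    used: set = field(default_factory=set)  # cryptograms already submitted

def apply_event(rec, event):
    """Apply one lifecycle notification; return False if it was ignored."""
    kind = event["type"]
    if kind not in STATE_EVENTS and kind != "EXPIRY_UPDATE":
        raise ValueError(f"unknown lifecycle event {kind!r}")
    # Notifications arrive asynchronously: drop replays and late arrivals,
    # and never let anything bring a deleted token back.
    if event["seq"] <= rec.last_seq or rec.state == DELETED:
        return False
    rec.last_seq = event["seq"]
    if kind == "EXPIRY_UPDATE":          # e.g. after a card replacement
        rec.token_expiry = event["token_expiry"]
    else:
        rec.state = STATE_EVENTS[kind]
    return True

def build_auth_request(rec, cryptogram, issued_at, now, entry_mode):
    """Return the authorization fields, or raise if the request must not go out."""
    if rec.state != ACTIVE:
        raise PermissionError(f"token is {rec.state}")
    if cryptogram in rec.used:
        raise ValueError("cryptogram already used")
    if now - issued_at > CRYPTOGRAM_TTL_S:
        raise ValueError("cryptogram expired")
    rec.used.add(cryptogram)             # single use: burn it before sending
    return {"dpan": rec.dpan, "token_expiry": rec.token_expiry,
            "cryptogram": cryptogram, "pos_entry_mode": entry_mode}
```

In a real vault the state, sequence number and used-cryptogram set would live in durable storage and be updated transactionally, so that two workers cannot submit the same cryptogram.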