Skip to content

Unique tokens

In certain circumstances you may want to ensure that you have close control over the tokenization process by ensuring that a specific payment card is associated with a unique token.

For example, by enforcing the use of unique tokens you can prevent the abuse of special offers. Or, you can use unique tokens to exercise more finely grained control over the use of a single, specific payment card by different customers.

Standard token behavior

By default, we will issue a new token whenever you present a new customer who is attempting to pay with a specific payment card -- even if that payment card is shared by different customers. Consider a payment card that is shared by a family, for example.

In other words, you may have several customers who are all registered on your site using the same payment card. In each instance, every time the customer shops the first time, a new token is generated -- even though the tokens refer to the same payment card.

So, under the default rules, a single payment card may therefore be associated with several tokens -- with each token representing a combination of a unique customer but referring to the same payment card.

This scenario would be common where, for example, family members share a payment card issued to a specific family member.

How do unique tokens work?

Amazon Payment Services gives you the ability to request the use of unique tokens. When you request the use of unique tokens Amazon Payment Services will ensure that each payment card number is associated with only one token name.

For example, if two customers sign up on different occasions using the same payment card number Amazon Payment Services will return the same token name to your server.

By consequence, in your merchant environment, every payment card number is only ever associated with just one unique token name.

In contrast, the default tokenization behavior would be for Amazon Payment Services to generate a new token when the second customer signs up -- even though the second customer is using the same payment card details as the first customer.

By choosing unique tokens you ensure that a payment card number can never be associated with more than one token name.

When should you request unique tokens?

You should request a unique token when your use case demands that you can track the use of a payment card across multiple customer accounts.

As a simple example, you may offer a once-off sign-up discount to new customers. Given that unique email addresses are easy to obtain you may find it difficult to distinguish between genuinely new customers -- and existing customers using a temporary email account to abuse your offer.

However, unique payment card numbers are harder to obtain. You can, therefore, limit the ability to abuse a special offer by tracking the use of card numbers across customer accounts.

Unique tokens allow you to track the use of card numbers by ensuring that a card number is only ever associated with one token.

Activating unique tokens

If you want to make use of unique tokens instead of standard tokenization you need to activate unique tokens in your Amazon Payment Services back office.

Be aware of the consequences of activating unique tokens. For example, by using unique tokens, you can never depend on the token name to draw a distinction between two different customers. Where two customers share their payment card they would by consequence share the token name if you had chosen to activate unique tokens.

Need further help?

If you get stuck feel free to get in touch with the Amazon Payment Services team. Just message our support team at merchantsupport-ps@amazon.com.