Mastercard
Mastercard Digital Enablement Service
Mastercard network tokens under your TRID with UCAF cryptograms. One API surface alongside Visa and Amex, no PSP vault in the credential path.
Mastercard Digital Enablement Service (MDES) is Mastercard’s tokenization platform for card-not-present and digital commerce. Like VTS, it issues network tokens bound to a Token Requestor ID and manages their lifecycle as cards expire or reissue. PSP “Mastercard network token” features are MDES behind a processor-specific integration and TRID.
Veliro provisions MDES tokens under your merchant TRID and returns the same tok_* shape your application uses for Visa and Amex credentials. Scheme selection is derived from BIN at provision time, so your code does not branch on network when storing the reference, only Veliro does, internally, when fetching cryptograms.
MDES authorizations carry a Universal Cardholder Authentication Field (UCAF) cryptogram and scheme-appropriate ECI. Mastercard distinguishes one-off purchases from recurring mandates, and the cryptogram plus indicators must reflect that category or issuers may decline or challenge legitimate rebills. Veliro retrieves UCAF per authorization through the unified cryptogram endpoint.
Operating MDES directly means Mastercard token program certification, mTLS connectivity, and domain controls, work Veliro carries so your integration stops at REST and API keys. The TRID stays yours, which is what lets MDES tokens forward to whichever acquirer you configure without re-enrollment.
Lifecycle & authorization
- MDES provisioning states (active, suspended, deleted) propagate as Veliro lifecycle webhooks.
- Recurring mandates require distinct UCAF indicators from one-off checkout; encode transaction type in billing jobs.
- Mastercard updater events refresh expiring credentials under the same tok_* reference.