Visa
Visa Token Service
Provision Visa network tokens under your own TRID, with TAVV cryptograms and correct ECI on every authorization, outside any PSP vault.
Visa Token Service (VTS) replaces a Visa PAN with a network-managed token bound to a Token Requestor ID. The token survives card reissuance through Visa’s lifecycle updates, cutting involuntary churn on subscriptions and card-on-file. Crucially, VTS is a scheme service: when a PSP advertises “Visa network tokens,” they are reselling VTS wrapped in their own vault and TRID.
Veliro connects to VTS directly over mutual TLS and provisions tokens under your TRID. Your application captures the card with Secure Fields, calls POST /v1/tokens, and receives a processor-neutral tok_*. At authorization, POST …/cryptogram returns a single-use TAVV with the right ECI for the transaction type: purchase, recurring, or installment.
The approval-rate benefit Visa publishes for tokenized traffic only materializes when the cryptogram and ECI are present and correct on each charge. A common failure mode is tokenizing at enrollment but authorizing with a stale or missing TAVV; issuers then score the transaction like ordinary card-not-present PAN traffic. Keeping cryptogram generation in the credential layer ensures every forwarded authorization carries fresh authentication data.
Because Veliro owns the VTS connection on your behalf, you avoid operating Visa mTLS certificates, token program certification, and lifecycle plumbing yourself, while still holding the TRID that makes the resulting tokens portable across any acquirer you route through.
Lifecycle & authorization
- Visa lifecycle events (card reissue, expiry, suspension) arrive as Veliro webhooks so your billing system updates without re-collecting cards.
- TAVV is single-use with a short TTL; fetch it immediately before forward-to-PSP, not at token creation time.
- ECI must match the cryptogram and transaction category; Veliro sets Visa-specific values automatically.