Tokenization is the industry-standard method for organizations to process credit card transactions safely. All cardholder data is kept secure by encrypting it in a manner that cannot be decrypted. Chargent’s tokenization process stores cardholder data in tokens that are never stored in Salesforce. Instead, these tokens are only available to the payment gateway for a merchant.
Enabling Tokenization
In Chargent, tokenization is managed by the gateway record. You can enable tokenization for your organization by clicking Yes when asked “Use Tokenization?” in the Gateway Setup Wizard.
If Payment Methods is enabled in your org, Chargent stores your tokens in the Token field of your Chargent Token records. This record is related to a Chargent Payment Method record, allowing the token to be reused for future transactions. The token is also reflected in the Token field of your Chargent Order records and the Tokenization field of your Transaction records.
When you enable tokenization as part of setting up your gateway, Chargent automatically selects the default data handling rule: “Clear When Token Present”, because it is the most reliable PCI-compliant method for handling sensitive data.
Note: Not all gateways support tokenization. Please consult with your gateway provider to see if tokenization is supported. For more information, visit our Gateway-Specific Guides.
If you didn’t enable tokenization during your initial gateway setup, don’t worry! You can update the settings by modifying your gateway record:
- Click the App Launcher icon at the top-left of your screen and choose Chargent.
- Select the Chargent Settings tab and Setup Wizard subtab.
- Click Advanced Settings.
- Check the Use Tokenization checkbox.
- Select the appropriate option in the Credit Card/Bank Account Data Handling field. Most customers should choose “Clear When Token Present” to avoid storing sensitive payment information in Salesforce. See Understanding Data Handling Rules.
- Click Save.
Understanding Data Handling Rules
The Credit Card/Bank Account Data Handling field on the Gateway record controls the storage of your customers’ payment information. This field determines whether or not sensitive payment information is stored in Salesforce when a token is present. We always recommend selecting “Clear When Token Present” whenever possible to reduce the scope of your PCI compliance.
- “Clear When Token Present” (Recommended): Chargent removes private credit card and bank account numbers after creating a token. This is recommended because it lowers your liability for storing this sensitive information.
- “Clear After All Transactions”: Chargent erases credit card and bank account numbers after any transaction has been completed, even if a token is not present (including charges, voids, and refunds).
- “Clear After Successful Charge”: Chargent removes credit card and bank account numbers after the charge is completed, even if a token is absent.
- “Never Clear”: Chargent will not automatically remove card or bank account data. This option puts you at risk, so it should only be selected if your business process requires you to store this sensitive information. We do not recommend using this setting.
Payment Methods Tokenization
If Payment Methods is enabled in your org, two additional fields on the gateway record interact with the Use Tokenization and Credit Card / Bank Account Data Handling fields to determine the behavior of payments associated with the gateway. Payment method creation and association are dependent on the values of these fields.
- Payment Method Creation Allowed – Indicates if a Payment Method record will be created.
- Payment Method Association Allowed – Indicates if a Payment Method record can be associated with a Chargent Order.
These fields are calculated automatically upon saving the gateway record and cannot be set individually.
- If Use Tokenization is unchecked: Both Payment Method Creation Allowed and Payment Method Association Allowed will be unchecked, and payment methods will not be created or associated with Chargent Order records when using this gateway.
- If Use Tokenization is checked and Credit Card / Bank Account Data Handling equals “None” or “Never Clear”: Payment Method Creation Allowed will be checked, and Payment Method Association Allowed will be unchecked. In this case, payment methods will be created but cannot be associated with Chargent Order records when using this gateway.
- If Use Tokenization is checked and Credit Card / Bank Account Data Handling equals “Clear After Successful Charge”, “Clear After All Transactions”, or “Clear When Token Present”: Both Payment Method Creation Allowed and Payment Method Association Allowed will be checked, allowing the creation and association of payment methods to Chargent Order records when using this gateway.
Note: If Duplication Management is active and a duplicate is detected, a payment method will not be created. Instead, the existing payment method will be used. For more details, visit Payment Methods Duplication Management.
For more information about Payment Methods, see Setting Up Payment Methods.
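The following audit sketch is an added example, not Chargent code. It applies the data handling recommendations and the flag rules above to an exported list of gateway records, reporting gateways whose settings keep card data in Salesforce or whose two calculated flags do not match the documented rule. The CSV layout, the "Gateway Name" column, the "true"/"false" checkbox values and the treatment of an empty cell as "None" are assumptions; the other column names reuse the field labels on this page.

```python
import csv
import io

# Data-handling values that clear card/bank numbers, per the page's list.
CLEARING_RULES = {"Clear When Token Present", "Clear After All Transactions",
                  "Clear After Successful Charge"}
RECOMMENDED = "Clear When Token Present"

# Constructed sample export. Column names reuse the page's field labels;
# "Gateway Name" and the CSV layout itself are assumptions.
SAMPLE = """\
Gateway Name,Use Tokenization,Credit Card/Bank Account Data Handling,Payment Method Creation Allowed,Payment Method Association Allowed
GW-Primary,true,Clear When Token Present,true,true
GW-Legacy,true,Never Clear,true,false
GW-NoToken,false,Clear After All Transactions,false,false
GW-Drift,true,Clear After Successful Charge,true,false
"""

def is_checked(cell):
    return cell.strip().lower() == "true"

def expected_flags(use_tokenization, handling):
    """(creation_allowed, association_allowed) as the page describes them."""
    if not use_tokenization:
        return (False, False)
    return (True, handling in CLEARING_RULES)

def audit(csv_text):
    """Return (gateway, finding) pairs for settings that need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["Gateway Name"]
        tokenized = is_checked(row["Use Tokenization"])
        # Assumption: an empty cell means the picklist value "None".
        handling = row["Credit Card/Bank Account Data Handling"].strip() or "None"
        if not tokenized:
            findings.append((name, "tokenization disabled"))
        if handling not in CLEARING_RULES:
            findings.append((name, f"no automatic clearing rule ({handling})"))
        elif handling != RECOMMENDED:
            findings.append((name, f"not the recommended rule ({handling})"))
        actual = (is_checked(row["Payment Method Creation Allowed"]),
                  is_checked(row["Payment Method Association Allowed"]))
        if actual != expected_flags(tokenized, handling):
            findings.append((name, "flags differ from the documented rule"))
    return findings

if __name__ == "__main__":
    for gateway, finding in audit(SAMPLE):
        print(f"{gateway}: {finding}")
```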
Considerations & Best Practices
- To learn more about how tokenization can help you reduce the scope of your PCI compliance, see Understanding the Benefits of Tokenization (in 5 minutes).
- If you are having trouble with tokens, our knowledge base provides solutions to many common issues.
- To see why we don’t recommend saving and storing sensitive information like credit card numbers in Salesforce, see our Security and PCI Compliance Guide.
We are happy to help you discover and understand what tokenization settings are best for your business. Please contact us for additional advice or a referral to a Chargent consulting partner who can assist you.
See Also
Salesforce Tokenization
Zero Footprint Tokenization
Multi-Gateway Tokenization