API Reference
Explore SandboxPartner PortalMerchant Portal
Start typing to search…

Customer Token Vault

Onboard a merchant to Customer Token Vault

The Customer Token Vault (CTV) is NMI's advanced solution for secure, persistent card storage that leverages the power of network tokenization to protect both merchants and their customers. When a customer's payment information is saved to the Vault, NMI generates a unique Customer Vault ID: a secure token that merchants can use to process all future transactions without ever touching or storing the customer's actual card data. This approach is particularly valuable for merchants with repeat customers, subscription services, or recurring billing models, as it eliminates PCI compliance burdens while streamlining the payment experience.

The Power of Network Tokens

Customer Token Vault is built on network tokenization technology, which provides stronger security and performance benefits compared to traditional payment storage methods. Network tokens are cryptographically generated payment credentials issued directly by the card networks (Visa, Mastercard, and more to come) that replace sensitive card details. These tokens deliver several key advantages:

  • Enhanced Security: Network tokens use dynamic cryptograms that change with each transaction, making them virtually useless if intercepted
  • Higher Approval Rates: Card issuers recognize network tokens as lower-risk transactions due to their enhanced authentication and security features, leading to fewer false declines
  • Automatic Lifecycle Management: When a customer's physical card expires or is replaced, the network token automatically updates in the background, meaning merchants never have to worry about expired cards causing failed recurring payments or service interruptions

Currently, network tokenization is supported for Visa and Mastercard transactions, with additional card brands being added in the future.

Automatic Card Updater

While network tokens provide automatic lifecycle management for tokenized cards, you may still want to enable Automatic Card Updater (ACU) to ensure all cards in your system stay current. The two systems work intelligently together without conflict: Customer Token Vault automatically handles updates for tokenized cards, while Automatic Card Updater focuses on non-tokenized cards in the Vault or recurring systems. This complementary approach ensures comprehensive coverage across your entire payment infrastructure.

Automatic Network Tokenization for All Transactions

Once Customer Token Vault is enabled on a gateway, there is a 1-3 business day onboarding period while Visa and Mastercard fully provision the merchant account. After this brief setup, network tokenization happens automatically for every card transaction processed, not just for cards stored in the Vault. Whether a customer is making a one-time purchase, being saved for future transactions, or using NMI's recurring billing interface, their card data is automatically converted into a secure network token. This means every transaction benefits from enhanced security and improved approval rates, regardless of whether the customer information is permanently stored.

Seamless Upgrade from Legacy Customer Vault

For merchants already using NMI's original Customer Vault who want to upgrade to Customer Token Vault, the transition is completely frictionless. All existing customer data, including Customer Vault IDs, remains exactly the same: no migration, data mapping, or system reconfiguration required. Merchants can immediately begin benefiting from network tokenization without any disruptions to their operations, changes to their API integration, or updates to their existing workflows. The only visible difference is that transactions will now include an indicator showing whether a network token was used. The upgrade simply adds powerful new security and performance features on top of the familiar infrastructure you're already using.

Network Token Webhooks

Customer Token Vault provides webhook notifications that allow you to stay informed about network token lifecycle events. You can subscribe to receive real-time notifications when network tokens are created or updated, enabling you to track token provisioning, monitor automatic card updates, and integrate token management into your own systems and workflows. These can be configured from your portal interface under Settings > Webhooks.