Token Migration are committed to support data migration services. If you are new, we will import your existing sensitive cardholder data from your incumbent provider.

We will also export your data should you ever choose to leave us.


When importing data to, the services will be provided without charge.

If you choose to migrate data from us to an alternative provider, there will be a small charge to cover project management and technical resourcing costs.

Time Frames

You can expect that for both importing and exporting, the data migration will be executed within 5 – 10 business days.

Public Key

When migrating data to, you will need to encrypt all files using our public key:


Importing Data

We will work with your incumbent provider to complete the data migration. Your incumbent provider will be required to provide an encrypted CSV file that includes at least the following fields:

Header Format Length Description
id string A unique ID representing the card / customer.
cardnumber int 12-19 The credit/debit card number used for the transaction.
cardexp string 6 The expiration date of the card used for the transaction, in the format MMYYYY.
You may need to send additional data beyond the above fields. If you operate within the Financial Services sector, you may have been assigned a Merchant Category Code (MCC) of 6012 by your acquiring bank. If this is the case, it has been mandated by the card schemes (Visa/Mastercard) to capture additional data about your customers. The additional MCC 6012 parameters are:
Header Format Length Description
customer_lname string 0-50 Customer's last name.
customer_dob string 8 Customer's Date of Birth
billing_zipcode string 0-100 The Cardholder’s billing ZIP or postal code.

Once the Data Migration has been completed, we will provide a file containing the token references of each card stored on your account.

Exporting Data

If you choose to use an alternative provider, before we can complete the export process, we must first verify that they are PCI compliant. All we need is their Attestation of Compliance (AOC) to satisfy this requirement.

Once the AOC has been received and approved, we will request a public encryption key from the receiving provider. We then use this public key to encrypt the sensitive cardholder data and transmit via SFTP.

Your sensitive cardholder data will be populated within a GPG encrypted CSV file. The file naming convention will be as follows: MERCHANTNAME_EXPORT_YYYY_MM_DD.CSV.GPG

The first row of the file will contain the headers as outlined in the below table. Each subsequent row will contain a new entry for each card that is tokenised on the Acquired Gateway.

Header Format Length Description
transaction_id int 1-11 The unique ID of the transaction for which the card was tokenised.
cardholder_name string 0-100 Cardholder’s name.
cardnumber int 12-19 Masked credit or debit card number used for the transaction.
cardexp string 6 Expiration date of the card used for the transaction, formatted as MMYYYY.