Token Migration

Acquired.com are committed to supporting data migration services. However, before you begin to import your existing sensitive cardholder data, you will need to select an integration method. You can either use your incumbent provider, or if you have the data on file, you can use the API.

We will also export your data should you ever choose to leave us.

Fees

When importing data to Acquired.com, the services will be provided without charge.

If you choose to migrate data from us to an alternative provider, there will be a small charge to cover project management and technical resourcing costs.

Time Frames

You can expect that for both importing and exporting, the data migration will be executed within 5 – 10 business days.


Token Migration via Incumbent Provider

If your previous payments processor stores all of your customers' data, they will send us a file which will allow us to provide you with a list of token references, allowing for future payments to be taken.

Public Key

When migrating data to Acquired.com, you will need to encrypt all files using our public key:

 AAAAB3NzaC1kc3MAAACBAPosdQoxSsbr/p4BUffJI48Nqfl2724T5gFtT7vEIeSkOzwyp+/lWbpidKpHFBsn5OejTD9TzQCaFPitQkVuP0zgAF6nO6h3tKl57i0jtcdVahfG/HfLv7Cd07/7VPFntTOxzI1HgcKsN3qvTmaTiTEmEiypH7eAK/NTXCekp663AAAAFQDTAKUnP3gx9FF2nIR0OPaIfsGa6QAAAIAi5U4HuPcGtAo0ypnzfag2Ht6m5Bpue2nUIesoU0DESh1SksOfxOPIaGayOrztWvFuWUm0Vvg4HYF4LjHNP/+6jdc4lmjjZt+4khx0xN0Vq6/uU2XZOZGq6UNj2iW9Cb8njVdw2EvUDc9pxSpd8sEdQULia/Knb4RjFgngKCsj5QAAAIAcS8WOcBIf3t8zd6XMiCsO6YsTDDbZYxnv1Nx2NFZrUOlniRgBcmuoOifk99BiCbx64OoUqT8+6ZCpBdebr/uZQANRIBR9tLEwUfJO/TCNqu7LSP5yk/RY5OumUnfdzytTnHWWSWeFbbPYRfI66gYO0AJL14L/dXSWk2sFxhxh6w== 

Importing Data

We will work with your incumbent provider to complete the data migration. Your incumbent provider will be required to provide Acquired.com an encrypted CSV file that includes at least the following fields:

Header Format Length Description
id string A unique ID representing the card / customer.
cardnumber int 12-19 The credit / debit card number used for the transaction.
cardexp string 6 The expiration date of the card used for the transaction, in the format MMYYYY.
You may need to send additional data beyond the above fields. If you operate within the Financial Services sector, you may have been assigned a Merchant Category Code (MCC) of 6012, 6051 or 7299 by your acquiring bank. If this is the case, it has been mandated by the card schemes (Visa / Mastercard) to capture additional data about your customers. The additional parameters are:
Header Format Length Description
customer_lname string 0-50 Customer's last name.
customer_dob string 8 Customer's Date of Birth.
billing_zipcode string 0-100 The Cardholder’s billing ZIP or postal code.

Once the Data Migration has been completed, we will provide a file containing the token references of each card stored on your account.


Token Migration via API

If you have the customer data you want to migrate across to Acquired.com, you can send the information immediately via API.

This allows us to validate the information and provide a token reference to allow you to process future transactions.

Endpoint

Time to play – access your API using the following endpoint:

Request

Please note: Before sending card migration API requests, contact support@acquired.com to set your account to BANK MIGRATION mode. This will ensure that your data is saved successfully.

Within each API request, you have to ensure the following parameters are set to the following values – if these parameters are not set correctly, we will respond with a 102 response code and the details will not be tokenised.

Parameter Format Length Description
amount string 0-11 Value should be set to 0.00.
transaction_type string 1-20 Value should be set to AUTH_ONLY.
subscription_type string 1-20 Value should be set to INIT.

Here’s a list of mandatory and additional parameters that may accompany a request with some handy sample code alongside.

Parameter Format Length Description
timestamp
Required
date 14 Date and time of transaction submission.
company_id
Required
int 3 API Company ID we issue to merchants.
company_pass
Required
string 10-30 API Password we issue to merchants.
company_mid_id int 0-4 Targets a specific mid_id within the company structure. Leave it blank (or don't pass it) to balance traffic across multiple mid_ids (banks).
user_agent string 1-1000 Useragent data.
vt boolean 1 Additional parameter to flag a transaction as MOTO - include if processing payments via phone or an IVR solution.
request_hash
Required
string 64 Verification hash value - please see here.
transaction
Required
object Click here.
merchant_order_id
Required
string 1-50 Unique ID you’ll use to identify each transaction.
transaction_type
Required
string 1-20 The type of transaction you are trying to perform - possible values for this request are either AUTH_ONLY or AUTH_CAPTURE.
amount
Required
string 0-11 Transaction amount.
currency_code_iso3
Required
string 3 Transaction currency, an ISO 4217 3-digit code.
subscription_type string 1-20 If you want to tokenise the card details for future use - set this field to INIT. See here for more information.
merchant_customer_id string 0-50 Your internal unique customer reference. You can use this field to link multiple transactions to a single customer.
merchant_custom_1 string 0-50 You can send additional data relating to the customer or another internal reference - with more data, your internal teams will be able to identify the customer’s transactions.
merchant_custom_2 string 0-50 You can send additional data relating to the customer or another internal reference - with more data, your internal teams will be able to identify the customer’s transactions.
merchant_custom_3 string 0-50 You can send additional data relating to the customer or another internal reference - with more data, your internal teams will be able to identify the customer’s transactions. If you are using our dynamic descriptor feature, you will not be able to use the merchant_custom_3 field as the dynamic descriptor value should be passed in this field.
customer
MCC 6012
object Click here.
customer_fname string 0-50 Customer’s first name.
customer_lname
MCC 6012
string 0-50 Customer’s last name.
customer_ipaddress string The customer's IP address in either IPv4 or IPv6 format.
customer_dob
MCC 6012
string Customer’s date of birth formatted as YYYY-MM-DD.
billing
Required
object Click here.
cardholder_name
SCA
string 0-100 Cardholder’s name as printed on their card.
cardnumber
Required
int 12-19 Card number used for the transaction.
cardcvv int 3-4 Card verification value, formatted as three or four digits (for AMEX) depending on the card type.
cardexp
Required
string 6 Expiration date of the card used for the transaction, formatted as MMYYYY.
billing_street
AVS & SCA
string 0-100 Cardholder’s billing street address.
billing_street2
SCA
string 0-100 Cardholder’s billing street address, line 2.
billing_city
SCA
string 0-100 Cardholder’s billing city.
billing_state string 0-100 Cardholder’s billing state or province.
billing_zipcode
MCC 6012 & AVS & SCA
string 0-100 Cardholder’s billing ZIP or postal code.
billing_country_code_iso2
SCA
string 2 Cardholder’s billing country, an ISO 3166 2-character code.
billing_phone_code
SCA
string 3 Cardholder’s billing phone number country code (For example, 44 for the UK).
billing_phone
SCA
string 7-20 Cardholder’s billing phone number.
billing_email
SCA
string 0-50 Cardholder’s billing email address.
shipping object Click here.
shipping_street string 0-100 Cardholder’s shipping street address.
shipping_street2 string 0-100 Cardholder’s shipping street address, line 2.
shipping_city string 0-100 Cardholder’s shipping city.
shipping_state string 0-100 Cardholder’s shipping state or province.
shipping_zipcode string 0-100 Cardholder’s shipping ZIP or postal code.
shipping_country_code_iso2 string 2 Cardholder’s shipping country, an ISO 3166 2-character code.
shipping_phone_code string 2 Cardholder’s shipping phone number country code (For example, 44 for the UK).
shipping_phone string 7-20 Cardholder’s shipping phone number.
shipping_email string 0-50 Cardholder’s shipping email address.
{
  "timestamp":"20190620101530",
  "company_id":113,
  "company_pass":"password",
  "company_mid_id":1045,
  "vt":"",
  "useragent":"",
  "request_hash" : "f0a18260b08a0bfacb.....",
"transaction":{
    "merchant_order_id":"a9f0ce93-6f0d-4a15-a18b-45f1304b4bc0",
    "transaction_type":"AUTH_CAPTURE",
    "amount":"14.99",
    "currency_code_iso3":"GBP",
    "subscription_type":"INIT",
    "merchant_customer_id":"",
    "merchant_custom_1":"",
    "merchant_custom_2":"",
    "merchant_custom_3":""
    
},
"customer" : {
    "customer_fname":"Edward",
    "customer_lname":"Johnson",
    "customer_ipaddress":"127.0.0.1",
    "customer_dob":"1988-10-03"
    
},
"billing" : {
    "cardholder_name":"",
    "cardnumber":4000011180138710,
    "cardcvv":123,
    "card_exp":"022020",
    "billing_street":"Suite 2, 4th Floor",
    "billing_street2":"44 Baker Street",
    "billing_city":"London",
    "billing_state":"",
    "billing_zipcode":"W1U7AL",
    "billing_country_code_iso2":"GB",
    "billing_phone":"+44(0)2039826580",
    "billing_email":"support@acquired.com"
    
},
"shipping" : {
    "shipping_street":"Suite 2, 4th Floor",
    "shipping_street2":"44 Baker Street",
    "shipping_city":"London",
    "shipping_state":"",
    "shipping_zipcode":"W1U7AL",
    "shipping_country_code_iso2":"GB",
    "shipping_phone":"+44(0)2039826580",
    "shipping_email":"support@acquired.com"
    
}
}

If the response_code parameter is set to 1 – you have successfully tokenised your customers details. You can then use the transaction_id as your token reference to process Card Storage transactions.

After processing the transaction request, we’ll return a response to confirm the outcome. Again, some handy sample code can be found below.

Parameter Format Length Description
timestamp date 14 Date and time of transaction response.
response_code int 3 Code describing the transaction result.
response_message string 1-100 Text describing the transaction response.
company_id int 3 API Company ID we issue to merchants.
mid string 4 MID_ID the transaction was processed through.
transaction_id int 1-10 Unique ID we generate to identify the transaction.
transaction_type string 1-12 Transaction type, repeated from the request message.
merchant_order_id string 1-50 Unique ID you’ll use to identify each transaction, repeated from the request.
amount string 1-11 Transaction amount.
currency_code_iso3 string 3 Transaction currency, an ISO 4217 3-digit code.
authorization_code string 0-50 Authorisation code returned by the issuing bank.
acquirer_reference_number string 0-50 Value set by the acquirer to track the transaction, when present.
avsaddress string 1-2 AVS check on the first line of the customer’s address, when available.
avszipcode string 1-2 AVS check on the customer’s postcode or zipcode, when available.
cvvresult string 1-2 Result of CVV2 security check.
bank_response_code int 2 Transaction result code communicated by the issuing bank.
bin object
issuing_bank string 0-50 Name of the bank issuing the card used for the transaction.
card_category string 0-30 Category of the card used, for example CREDIT or DEBIT.
card_level string 0-30 Level of the card used, for example CLASSIC.
issuing_country string 0-50 Country issuing the card used for the transaction.
issuing_country_iso2 string 2 Country issuing the card used for the transaction, an ISO2 two-letter code.
response_hash string 64 Verification hash value.
{
    "timestamp": "20190620101531",
    "response_code": "1",
    "response_message": "Transaction Success",
    "company_id": 113,
    "mid": 1045,
    "transaction_id": "5436756",
    "transaction_type": "AUTH_ONLY",
    "amount": "0.00",
    "currency_code_iso3": "GBP",
    "authorization_code": "123456",
    "acquirer_reference_number": "7270912091283121",
    "avsaddress": "M",
    "avszipcode": "M",
    "cvvresult": "M",
    "bank_response_code": "1",
    "bin": {
        "issuing_bank": "ACQUIRED.COM",
        "card_category": "DEBIT",
        "card_level": "STANDARD",
        "issuing_country": "United Kingdom",
        "issuing_country_iso2": "GB"
    },
    "response_hash": "835956a9fe56d65416....."
}

Exporting Data

If you choose to use an alternative provider, before we can complete the export process, we must first verify that they are PCI compliant. All we need is their Attestation of Compliance (AOC) to satisfy this requirement.

Once the AOC has been received and approved, we will request a public encryption key from the receiving provider. We then use this public key to encrypt the sensitive cardholder data and transmit via SFTP.

Your sensitive cardholder data will be populated within a GPG encrypted CSV file. The file naming convention will be as follows: MERCHANTNAME_EXPORT_YYYY_MM_DD.CSV.GPG

The first row of the file will contain the headers as outlined in the below table. Each subsequent row will contain a new entry for each card that is tokenised on the Acquired Gateway.

Header Format Length Description
transaction_id int 1-11 The unique ID of the transaction for which the card was tokenised.
cardholder_name string 0-100 Cardholder’s name.
cardnumber int 12-19 Masked credit or debit card number used for the transaction.
cardexp string 6 Expiration date of the card used for the transaction, formatted as MMYYYY.