Token Migration

Acquired.com are committed to supporting data migration services. However, before you begin to import your existing sensitive cardholder data, you will need to select an integration method. You can either use your incumbent provider, or if you have the data on file, you can use the API.

We will also export your data should you ever choose to leave us.

Fees

When importing data to Acquired.com, the services will be provided without charge.

If you choose to migrate data from us to an alternative provider, there will be a small charge to cover project management and technical resourcing costs.

Time Frames

You can expect that for both importing and exporting, the data migration will be executed within 5 – 10 business days.

Token Migration via Incumbent Provider

If your previous payments processor stores all of your customers' data, they will send us a file which will allow us to provide you with a list of token references, allowing for future payments to be taken.

Public Key

When migrating data to Acquired.com, you will need to encrypt all files using our public key:

PUBLIC KEY

 AAAAB3NzaC1kc3MAAACBAPosdQoxSsbr/p4BUffJI48Nqfl2724T5gFtT7vEIeSkOzwyp+/lWbpidKpHFBsn5OejTD9TzQCaFPitQkVuP0zgAF6nO6h3tKl57i0jtcdVahfG/HfLv7Cd07/7VPFntTOxzI1HgcKsN3qvTmaTiTEmEiypH7eAK/NTXCekp663AAAAFQDTAKUnP3gx9FF2nIR0OPaIfsGa6QAAAIAi5U4HuPcGtAo0ypnzfag2Ht6m5Bpue2nUIesoU0DESh1SksOfxOPIaGayOrztWvFuWUm0Vvg4HYF4LjHNP/+6jdc4lmjjZt+4khx0xN0Vq6/uU2XZOZGq6UNj2iW9Cb8njVdw2EvUDc9pxSpd8sEdQULia/Knb4RjFgngKCsj5QAAAIAcS8WOcBIf3t8zd6XMiCsO6YsTDDbZYxnv1Nx2NFZrUOlniRgBcmuoOifk99BiCbx64OoUqT8+6ZCpBdebr/uZQANRIBR9tLEwUfJO/TCNqu7LSP5yk/RY5OumUnfdzytTnHWWSWeFbbPYRfI66gYO0AJL14L/dXSWk2sFxhxh6w==

Importing Data

We will work with your incumbent provider to complete the data migration. Your incumbent provider will be required to provide Acquired.com an encrypted CSV file that includes at least the following fields:

Header	Format	Length	Description
id	`string`		A unique ID representing the card / customer.
cardnumber	`int`	12-19	The credit / debit card number used for the transaction.
cardexp	`string`	6	The expiration date of the card used for the transaction, in the format MMYYYY.

You may need to send additional data beyond the above fields. If you operate within the Financial Services sector, you may have been assigned a Merchant Category Code (MCC) of 6012, 6051 or 7299 by your acquiring bank. If this is the case, it has been mandated by the card schemes (Visa / Mastercard) to capture additional data about your customers. The additional parameters are:

Header	Format	Length	Description
customer_lname	`string`	0-50	Customer's last name.
customer_dob	`string`	8	Customer's Date of Birth.
billing_zipcode	`string`	0-100	The Cardholder’s billing ZIP or postal code.

Once the Data Migration has been completed, we will provide a file containing the token references of each card stored on your account.

Token Migration via API

If you have the customer data you want to migrate across to Acquired.com, you can send the information immediately via API.

This allows us to validate the information and provide a token reference to allow you to process future transactions.

Endpoint

Time to play – access your API using the following endpoint:

PROD: https://gateway.acquired.com/api.php

Request

Please note: Before sending card migration API requests, contact support@acquired.com to set your account to BANK MIGRATION mode. This will ensure that your data is saved successfully.

Within each API request, you have to ensure the following parameters are set to the following values – if these parameters are not set correctly, we will respond with a 102 response code and the details will not be tokenised.

Parameter	Format	Length	Description
amount	`string`	0-11	Value should be set to 0.00.
transaction_type	`string`	1-20	Value should be set to AUTH_ONLY.
subscription_type	`string`	1-20	Value should be set to INIT.

Here’s a list of mandatory and additional parameters that may accompany a request with some handy sample code alongside.

Parameter	Format	Length	Description
timestamp Required	`date`	14	Date and time of transaction submission.
company_id Required	`int`	3	API Company ID we issue to merchants.
company_pass Required	`string`	10-30	API Password we issue to merchants.
company_mid_id	`int`	0-4	Targets a specific mid_id within the company structure. Leave it blank (or don't pass it) to balance traffic across multiple mid_ids (banks).
user_agent	`string`	1-1000	Useragent data.
vt	`boolean`	1	Additional parameter to flag a transaction as MOTO - include if processing payments via phone or an IVR solution.
request_hash Required	`string`	64	Verification hash value - please see here.
transaction Required	`object`		Click here.
merchant_order_id Required	`string`	1-50	Unique ID you’ll use to identify each transaction.
transaction_type Required	`string`	1-20	The type of transaction you are trying to perform - possible values for this request are either AUTH_ONLY or AUTH_CAPTURE.
amount Required	`string`	0-11	Transaction amount.
currency_code_iso3 Required	`string`	3	Transaction currency, an ISO 4217 3-digit code.
subscription_type	`string`	1-20	If you want to tokenise the card details for future use - set this field to INIT. See here for more information.
merchant_customer_id	`string`	0-50	Your internal unique customer reference. You can use this field to link multiple transactions to a single customer.
merchant_custom_1	`string`	0-50	You can send additional data relating to the customer or another internal reference - with more data, your internal teams will be able to identify the customer’s transactions.
merchant_custom_2	`string`	0-50	You can send additional data relating to the customer or another internal reference - with more data, your internal teams will be able to identify the customer’s transactions.
merchant_custom_3	`string`	0-50	You can send additional data relating to the customer or another internal reference - with more data, your internal teams will be able to identify the customer’s transactions. If you are using our dynamic descriptor feature, you will not be able to use the `merchant_custom_3` field as the dynamic descriptor value should be passed in this field.
customer MCC 6012	`object`		Click here.	Click here.
customer_fname	`string`	0-50	Customer’s first name.
customer_lname MCC 6012	`string`	0-50	Customer’s last name.
customer_ipaddress	`string`		The customer's IP address in either IPv4 or IPv6 format.
customer_dob MCC 6012	`string`		Customer’s date of birth formatted as YYYY-MM-DD.
billing Required	`object`		Click here.	Click here.
cardholder_name SCA	`string`	0-100	Cardholder’s name as printed on their card.
cardnumber Required	`int`	12-19	Card number used for the transaction.
cardcvv	`int`	3-4	Card verification value, formatted as three or four digits (for AMEX) depending on the card type.
cardexp Required	`string`	6	Expiration date of the card used for the transaction, formatted as MMYYYY.
billing_street AVS & SCA	`string`	0-100	Cardholder’s billing street address.
billing_street2 SCA	`string`	0-100	Cardholder’s billing street address, line 2.
billing_city SCA	`string`	0-100	Cardholder’s billing city.
billing_state	`string`	0-100	Cardholder’s billing state or province.
billing_zipcode MCC 6012 & AVS & SCA	`string`	0-100	Cardholder’s billing ZIP or postal code.
billing_country_code_iso2 SCA	`string`	2	Cardholder’s billing country, an ISO 3166 2-character code.
billing_phone_code SCA	`string`	3	Cardholder’s billing phone number country code (For example, 44 for the UK).
billing_phone SCA	`string`	7-20	Cardholder’s billing phone number.
billing_email SCA	`string`	0-50	Cardholder’s billing email address.
shipping	`object`		Click here.
shipping_street	`string`	0-100	Cardholder’s shipping street address.
shipping_street2	`string`	0-100	Cardholder’s shipping street address, line 2.
shipping_city	`string`	0-100	Cardholder’s shipping city.
shipping_state	`string`	0-100	Cardholder’s shipping state or province.
shipping_zipcode	`string`	0-100	Cardholder’s shipping ZIP or postal code.
shipping_country_code_iso2	`string`	2	Cardholder’s shipping country, an ISO 3166 2-character code.
shipping_phone_code	`string`	2	Cardholder’s shipping phone number country code (For example, 44 for the UK).
shipping_phone	`string`	7-20	Cardholder’s shipping phone number.
shipping_email	`string`	0-50	Cardholder’s shipping email address.

JSON

{
  "timestamp":"20190620101530",
  "company_id":113,
  "company_pass":"password",
  "company_mid_id":1045,
  "vt":"",
  "useragent":"",
  "request_hash" : "f0a18260b08a0bfacb.....",

"transaction":{

    "merchant_order_id":"a9f0ce93-6f0d-4a15-a18b-45f1304b4bc0",
    "transaction_type":"AUTH_CAPTURE",
    "amount":"14.99",
    "currency_code_iso3":"GBP",
    "subscription_type":"INIT",
    "merchant_customer_id":"",
    "merchant_custom_1":"",
    "merchant_custom_2":"",
    "merchant_custom_3":""
    },

"customer" : {

    "customer_fname":"Edward",
    "customer_lname":"Johnson",
    "customer_ipaddress":"127.0.0.1",
    "customer_dob":"1988-10-03"
    },

"billing" : {

    "cardholder_name":"",
    "cardnumber":4000011180138710,
    "cardcvv":123,
    "card_exp":"022020",
    "billing_street":"Suite 2, 4th Floor",
    "billing_street2":"44 Baker Street",
    "billing_city":"London",
    "billing_state":"",
    "billing_zipcode":"W1U7AL",
    "billing_country_code_iso2":"GB",
    "billing_phone":"+44(0)2039826580",
    "billing_email":"support@acquired.com"
    },

"shipping" : {

    "shipping_street":"Suite 2, 4th Floor",
    "shipping_street2":"44 Baker Street",
    "shipping_city":"London",
    "shipping_state":"",
    "shipping_zipcode":"W1U7AL",
    "shipping_country_code_iso2":"GB",
    "shipping_phone":"+44(0)2039826580",
    "shipping_email":"support@acquired.com"
    }

}

If the response_code parameter is set to 1 – you have successfully tokenised your customers details. You can then use the transaction_id as your token reference to process Card Storage transactions.

After processing the transaction request, we’ll return a response to confirm the outcome. Again, some handy sample code can be found below.

Parameter	Format	Length	Description
timestamp	`date`	14	Date and time of transaction response.
response_code	`int`	3	Code describing the transaction result.
response_message	`string`	1-100	Text describing the transaction response.
company_id	`int`	3	API Company ID we issue to merchants.
mid	`string`	4	MID_ID the transaction was processed through.
transaction_id	`int`	1-10	Unique ID we generate to identify the transaction.
transaction_type	`string`	1-12	Transaction type, repeated from the request message.
merchant_order_id	`string`	1-50	Unique ID you’ll use to identify each transaction, repeated from the request.
amount	`string`	1-11	Transaction amount.
currency_code_iso3	`string`	3	Transaction currency, an ISO 4217 3-digit code.
authorization_code	`string`	0-50	Authorisation code returned by the issuing bank.
acquirer_reference_number	`string`	0-50	Value set by the acquirer to track the transaction, when present.
avsaddress	`string`	1-2	AVS check on the first line of the customer’s address, when available.
avszipcode	`string`	1-2	AVS check on the customer’s postcode or zipcode, when available.
cvvresult	`string`	1-2	Result of CVV2 security check.
bank_response_code	`int`	2	Transaction result code communicated by the issuing bank.
bin	`object`
issuing_bank	`string`	0-50	Name of the bank issuing the card used for the transaction.
card_category	`string`	0-30	Category of the card used, for example CREDIT or DEBIT.
card_level	`string`	0-30	Level of the card used, for example CLASSIC.
issuing_country	`string`	0-50	Country issuing the card used for the transaction.
issuing_country_iso2	`string`	2	Country issuing the card used for the transaction, an ISO2 two-letter code.
response_hash	`string`	64	Verification hash value.

JSON

{
    "timestamp": "20190620101531",
    "response_code": "1",
    "response_message": "Transaction Success",
    "company_id": 113,
    "mid": 1045,
    "transaction_id": "5436756",
    "transaction_type": "AUTH_ONLY",
    "amount": "0.00",
    "currency_code_iso3": "GBP",
    "authorization_code": "123456",
    "acquirer_reference_number": "7270912091283121",
    "avsaddress": "M",
    "avszipcode": "M",
    "cvvresult": "M",
    "bank_response_code": "1",
    "bin": {
        "issuing_bank": "ACQUIRED.COM",
        "card_category": "DEBIT",
        "card_level": "STANDARD",
        "issuing_country": "United Kingdom",
        "issuing_country_iso2": "GB"
    },
    "response_hash": "835956a9fe56d65416....."
}

Exporting Data

If you choose to use an alternative provider, before we can complete the export process, we must first verify that they are PCI compliant. All we need is their Attestation of Compliance (AOC) to satisfy this requirement.

Once the AOC has been received and approved, we will request a public encryption key from the receiving provider. We then use this public key to encrypt the sensitive cardholder data and transmit via SFTP.

Your sensitive cardholder data will be populated within a GPG encrypted CSV file. The file naming convention will be as follows: MERCHANTNAME_EXPORT_YYYY_MM_DD.CSV.GPG

The first row of the file will contain the headers as outlined in the below table. Each subsequent row will contain a new entry for each card that is tokenised on the Acquired Gateway.

Header	Format	Length	Description
transaction_id	`int`	1-11	The unique ID of the transaction for which the card was tokenised.
cardholder_name	`string`	0-100	Cardholder’s name.
cardnumber	`int`	12-19	Masked credit or debit card number used for the transaction.
cardexp	`string`	6	Expiration date of the card used for the transaction, formatted as MMYYYY.