We are sad to see you go, but if you would like to leave us, we have a process in place so you could take your tokens with you to your new payment service provider, for as long as they support token migrations.
Here is how the process would work:
- Include your new provider in an email specifying your request to move your card tokens away from us and confirming the public PGP key of your new provider.
- Please note the PGP key should be a provided as a URL on your new provider’s website.
- Judopay would generate the file with the card data and upload it in an encrypted format to our SFTP server
- Judopay would send details in an encrypted format over to your new provider so they could access the card data
Requirements for the new payment service provider
If we have not worked with you there would be a few steps you would have to complete before we could release any card data.
- We require your PCI AOC certificate
- Your PGP public key to be published on your company website domain
- Answers to the following validation questions
- An overview of the token migration process
- What is your process of dealing with the data post migration?
- Will you be holding a chain of custody throughout the migration process?
- How many people will be monitoring the token migration? Could you please provide the roles of the people involved in the migration?
Further detailed information for the new payment service provider
We will be encrypting the data with your PGP public key so only you have the ability to decrypt the card data file.
The credentials we create for you to log into our SFTP server, to access the encrypted card data file, will be in a PGP message format that we will encrypt using your public key.
The SFTP server credentials will be active for 3 days.
The data will remain on the SFTP server for 7 days. After 7 days data will be deleted. If the data is not collected within the 7 day period we will have to reschedule the extraction process again.