Implement detokenize and tokenize API calls to detokenize or tokenize PII data elements in MC and VISA APIs

We want to implement detokenize and tokenize API calls to detokenize or tokenize PII data elements in the request and response of MC and VISA API calls in the Pega Smart Dispute framework 24.1 product. We need the best place to implement this so that OOTB functionality is not affected. We want help to advise the best place to implement this requirement so that OOTB functionalities are not impacted. Appreciate your help. We want to make sure that the customization won't have an impact on future support tickets raised to the Pega product for any issues.

To implement tokenization and detokenization without impacting OOTB functionality, you should override the request and response Data Transforms of the Mastercard and Visa Connect-REST rules into your application’s implementation layer. Call your tokenization API within the request Data Transform just before the data is sent to the schemes, and call the detokenization API in the response Data Transform immediately after receiving the data. This approach keeps the security logic contained within the integration mapping layer, ensuring that core business rules remain untouched. By using the implementation layer for these overrides, you maintain a clean separation from the product code, which preserves your ability to receive support and perform future upgrades seamlessly. This method provides a direct, maintainable, and secure solution for handling PII while keeping the Smart Dispute framework intact.

Hi Sai, thanks for your response, really appreciate it. I am thinking more about the exception handling part: in case the detokenize or tokenize API fails, how and where do we redirect or park the case? Could you please throw some light on the exception handling part?

We have a card number that is being passed in certain MC/VISA APIs as clear, but internally we maintain a tokenized format within the Pega case. So the need is to detokenize it and pass the clear card in the third-party API requests, and if a PII data element is present in the response, we tokenize it and save it onto the Pega case.
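
An added example, not part of the thread and not Pega product code: a language-neutral Python sketch of the mapping-layer flow described in the post above (detokenize outbound, tokenize inbound) that fails closed when the vault call errors, so no clear card number is saved onto the case. `StubVault`, `call_scheme`, the `cardNumber` field name and the `parked` status are hypothetical names chosen for illustration.

```python
import re

class VaultError(Exception):
    """Token vault call failed; the message must never carry a clear PAN."""

PAN_RE = re.compile(r"\b\d{13,19}\b")  # clear card number as a bare digit run

class StubVault:
    """Constructed in-memory stand-in for the tokenize/detokenize API (assumption)."""
    def __init__(self, fail=False):
        self.fail, self._by_token, self._by_pan = fail, {}, {}
    def tokenize(self, pan):
        if self.fail:
            raise VaultError("tokenize unavailable")
        if pan not in self._by_pan:
            token = f"tok_{len(self._by_pan) + 1:06d}"
            self._by_pan[pan], self._by_token[token] = token, pan
        return self._by_pan[pan]
    def detokenize(self, token):
        if self.fail or token not in self._by_token:
            raise VaultError("detokenize failed")
        return self._by_token[token]

def map_request(case_data, vault, pii_fields=("cardNumber",)):
    """Outbound mapping: copy the case data and swap tokens for clear values."""
    out = dict(case_data)
    for f in pii_fields:
        if f in out:
            out[f] = vault.detokenize(out[f])  # VaultError aborts before any send
    return out

def map_response(resp, vault, pii_fields=("cardNumber",)):
    """Inbound mapping: tokenize PII, then refuse to return anything still clear."""
    out = dict(resp)
    for f in pii_fields:
        if f in out:
            out[f] = vault.tokenize(out[f])
    leaked = [k for k, v in out.items() if isinstance(v, str) and PAN_RE.search(v)]
    if leaked:
        raise VaultError(f"clear PAN left in response fields: {leaked}")
    return out

def call_scheme(case_data, vault, send):
    """Returns (status, data); on any vault failure no clear PAN reaches the case."""
    try:
        request = map_request(case_data, vault)
        return "ok", map_response(send(request), vault)
    except VaultError as exc:
        return "parked", {"reason": str(exc)}  # caller routes the case for retry or review
```

The failure reason names only the fields involved, so it can be written to the case or a log without exposing the card number.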