Table of Contents

sonarPay: Token Migration Process

Jennifer Trower Updated by Jennifer Trower

Read Time: 12 mins

Sonar does not own your subscribers’ credit card or bank account information and does not have a direct relationship with your current payment processor. Because of this, token migration requests must be initiated by you directly with your current processor or gateway provider.

You have two options for moving payment methods to sonarPay:

  1. Ask subscribers to update their payment information through the customer portal.
    You'll need to provide clear instructions on how and when to do so.
  2. Request a token extraction from your current processor or gateway provider.
    This request cannot be initiated by Sonar.
    Your tokens may be stored under multiple groups or companies; ensure to check if that is the case and request all applicable tokens.

Prerequisites

Before requesting a token migration, gather the following:

  1. Your merchant ID, if applicable.
  2. Your current processor or gateway provider information.
  3. sonarPay’s AOC and Visa Global Registry documents.
  4. sonarPay’s PGP public encryption key.
  5. If you are onboarding, a separate file containing Account IDs from your previous billing software.
    To expedite your onboarding, please provide the following:
    1. A file of your tokens
    2. Account IDs from your previous billing software.

    This information helps us accurately match your tokens to the correct accounts and support a smooth onboarding process. Request it at the same time as your credit card tokens, but send it as a separate file directly to your Implementation Project Manager.

To help avoid delays, include the AOC and Visa Global Registry documents in your initial request to your provider.

An example email template can be found using this link.

Requesting a Token Extraction

You can request a token extraction from your current processor or gateway provider. Sonar provides a sample email template you can use when submitting the request.

Send the request directly to your provider’s support team, not a sales representative. You should also copy or loop in payments@sonar.software so Sonar can help keep the handoff on track.

In some cases, the request must be submitted through your provider’s customer portal by creating a support ticket.

Before submitting your request, confirm whether your tokens are stored under multiple merchant IDs, groups, or companies. If they are, request all applicable tokens, not only the tokens under your primary account.

You can request a token extraction from your current processor/gateway provider.

Processes vary by gateway. Below are the required steps for each of the following providers.

Authorize.net

Stripe

CardConnect

ProPay

Moneris

Provider Requirements

Authorize.net Requirements: 

The following outlines the process for initiating a token migration from Authorize.net to sonarPay. These steps are critical to ensure a smooth and secure transition for your payment processing.

Token Migration Steps

Request Token Extraction

The merchant (you or your team) must submit the request directly to Authorize.net. Requests submitted via their support team are handled more efficiently than those routed through sales representatives.

  1. Log In: Log in to your Authorize.net gateway.
  2. Submit a General Support Case: Navigate to Contact UsSupport CenterGeneral Support Case.
  3. Request Details: Request a credit card token extraction, including all Card and Bank data.
  4. Fees and Timeline: Authorize.net charges a $250 fee for this service, which we will credit to your Sonar account upon receipt of the file. The extraction process takes 2-4 weeks, processed on a first-come, first-served basis twice a month.
  5. Required Waiver: Authorize.net will send a waiver form to be signed before processing the extraction.
  6. Encrypted File Delivery: Authorize.net will deliver the encrypted file directly to our Facilitator and email you confirmation when that has been completed.

Critical Notes

  1. Provide as much information as possible in your initial request to avoid delays (see template below).
  2. Include the attached AOC and Visa Global Registry details with your request.
  3. Forward any confirmation emails to payments@sonar.software.
Sample Token Extraction Request
Subject: Token Migration Request for [Your Business Name] (MID: [Merchant ID])

Dear Authorize.net Support Team,

I am requesting an export of all payment methods, including Card and Bank data, for migration purposes.

Please encrypt the data using the provided PGP key below. For reference, I’ve attached the AOC and Visa Global Registry details for expedited processing.

If you have any questions, please don’t hesitate to contact me.

Thank you,
[Your Name]

Insert the PGP PUBLIC KEY BLOCK

If the provided credentials or file expire before processing, or if Authorize.net cannot locate the data, we recommend calling Authorize.net directly to expedite re-issuance of the SFTP credentials and file.

Please confirm when the request has been submitted or if additional support is required.

Stripe Requirements:

When sending a request, provide as much information in the initial request as you can. This helps to expedite the transfer and removes unnecessary communication.

  1. You can initiate a data migration request or ask a data migration question via Stripe’s secure data migration request form
    You must be logged into your Stripe account to access the form.
    This form streamlines the account verification process and provides Stripe with all the relevant details needed for the migration.          
  2. After submitting the form, you will receive a confirmation that the form was received. Stripe will then follow up by email within the next 3 business days to answer any questions you may have and to provide you with the next steps for your migration process.

To meet PCI compliance obligations, Stripe can only transfer your card data to another PCI DSS Level 1-compliant payment processor, such as sonarPay.

Stripe requires the following information about sonarPay to complete this request:

Once you let Stripe know that your new payment processor is sonarPay, they can usually confirm if sonarPay meets the above requirements.

Stripe requires confirmation for the following items:
1. The account name.
2. The Migration type; respond with export.
3. The processor to export data to; respond with Payrix.
4. What payment types to export; respond with cards and ACH. If you do not accept ACH, then just respond with cards.
5. What file format you need for export; request JSON.
6. If you need a full or partial export; respond with full.
Migratable Data

Stripe can help migrate your customer card information to sonarPay by creating a secure, encrypted JSON export file. This file may include customer card details, email addresses, and any attached metadata. Stripe can then securely transfer the file to sonarPay for import into our system.

To begin, use Stripe’s contact us option and list sonarPay as your new payment processor.

CardConnect Requirements:

  1. Log in to CardPointe.
  2. Create a new support ticket.
    1. The subject of the ticket should be “Credit Card Token Migration”.

A few things to note with this process:

  • You should hear back in ~5 business days with the next steps.
  • Fees are a case-by-case situation.
  • CardConnect will provide you with an encrypted file. 

ProPay Requirements: 

  1. You will need to open a ticket by sending an email to Client Support: clientsupport@propay.com.
    1. The subject of the ticket should be “Credit Card Token Migration”, along with the company name and MID.
    2. Request a token extraction of your credit card data (reference the below template).
  2. A ticket will be opened, and a form will be sent to you to fill out. 

A few things to note with this process:

  • Fees are a case-by-case situation.
  • ProPay's Client Support number is 801-341-5312.

Moneris Requirements:

  1. You would have to contact the cancellations department and put in a request.
    1. Your request to do this could be done through your customer login via a support request to cancel services and extract their card tokens.
As a reminder, within your initial email, please include the AOC and Visa Global Registry documents to help expedite your request.

Here you can find our AOC and Visa Global Registry if a request is made by your current processor for this information.

What to Do With What You Get Back

After you submit your request, your provider will usually respond with one or more follow-up items. What you do next depends on what you receive.

Some providers require a signed waiver or consent form before they will process the extraction. For example, Authorize.net requires a signed waiver.

Sign and return these forms as soon as possible to avoid delays.

If your previous processor is IPPAY, additional hold-harmless forms are required before token work can begin. Your Implementation Project Manager will provide those forms.

Export Confirmation

If your provider confirms that the export was submitted or is in progress, forward the confirmation email to: payments@sonar.software

This helps Sonar keep the migration handoff on track.

Encrypted Data File

Encrypted token files are delivered directly to Sonar’s payment facilitator.

You do not decrypt these files or handle raw card data at any point. This keeps the transfer secure and within compliance.

Account ID File for Onboarding Customers

If you are still onboarding, provide your Implementation Project Manager with a separate file containing the Account IDs from your previous billing software.

Send this file directly to your Implementation Project Manager. Do not include it in the token request to your provider.

These Account IDs allow your tokens to be matched accurately to the correct accounts in the next migration stage.

What “Done” Looks Like for This Stage

This stage is complete when:

  1. Your provider confirms the export is in progress or has been delivered.
  2. You have forwarded any provider confirmations to payments@sonar.software.
  3. If you are onboarding, your Implementation Project Manager has received your Account ID file.

After this is complete, the token transfer and matching process can begin.

If Something Goes Wrong

A few common issues may delay the token extraction process.

If credentials or file links expire, or if the provider cannot locate your data, contact your provider directly. Calling the provider can help expedite reissuing credentials or generating a new file.

Tokens Stored Under Multiple MIDs or Companies

If your tokens are stored under multiple merchant IDs, groups, or companies, confirm this with your provider. Request all applicable tokens, not only those under your primary account.

No Response From the Provider

If your provider does not respond, make sure the request was sent to their support team instead of a sales representative. Including the AOC and Visa Global Registry documents in your initial request can also help move the request forward.

Example of Token Extraction request:

Subject line: Token Migration request for Example ISP (example) MID:123456789 (example)

Hello [Gateway] Support,I’d like to request an export of all of my payment methods, including all Card and Bank data.

When the export is ready, please send the file to the following Payrix ticket address https://wp4p.zendesk.com/hc/requests/99117 in JSON format and reference: sonarPay, organization / merchant name. If you can not format in JSON, a CSV file is fine.

Please encrypt using the Public Encryption Key (PGP) below. I have already included an AOC and Global Registry for your review to expedite this process.

Please let me know if you have any questions.

Thank you,

John Smith

PGP Public Key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFtWLsQBEAC4fChHoRZWzaRZsbiaGOJuf1uw3WwddiMfuWEJkVhjfr3tdfjX

mCfpqiB78iI3soMTYUpby3Ge9L3WgNidyZ9QcnWnP+6JC1q04U8+lte+yjYzOdgw

fKWetk9lbjGlXQ/0ORVutV2f8VamrEJRQq0zehyqwCCMFjTfT0jSkmL9uG9cKvtI

a/bhbYz201s27NCogDDYxZ+Qj8o2mFm4CM/fvQ+pJPauLu/wtxRsJDrPzIBmgpKD

s8lk/aAt4mnUTLB+4iYwvE7YDG9G6g1V7Jj31J7KDImPEnVruIm5aTTVD/3HPExa

/U1Vk14gCfgR4/3mMaukhbolu0DqFlmXzuXplIo5CGEHWCL0fVg3KL/ocMtHPzEU

Dsk6zH28s7YqYVwnJOX0OogSwWNiTGjR7fCaPtEtPawbQHY5UPKJ+8NShv5abeWf

UZfB232ZPprT53wWYU5ELcgicAIvz7bfr5UOonr28KeLB86Cf6jgCHqsR4uqZDVf

bhh4GJ5fgJfv7DCJ7OMQSOWDfSzfVLJWz2mhvbMR0oELVzt90OEImhYHZda3So+2

ws3VmS4C8/72m1m5UPn5n592Jh1+eOnq7FiIa2roCMQafEwcpQHnk7qcNptMWfz8

1eormZ53UWj2IC1D9LxNMtHSpG8Cf9USGUWP5yzVpczmqCTPC7tTikI/uwARAQAB

tA1wYXlyaXhfc2VjdXJliQJOBBMBCAA4FiEE3nCWHaDvntpm4idFZTx1BjeCUZYF

AltWLsQCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQZTx1BjeCUZY9Bg/+

LWURdlIDQhl2F49RC21n1DDXcNlHEjS3PLul24BTkSaFBHpBd2othnLQ7KpC8HbV

F4K0uc5FlcV7qHXYXTkZsNki+IXTSC7dtf80uErlNvNxfzKjCuX+b8hLF9C2oaJk

ddIvpRg04YecSRoPUeFP8SnWVTC+wwDczE6hOdpMEL3W4fl/spwm6A6AaB0hjhIS

m6zNZl0vlWFlTnNwujVb24DQMr8GifIPCWcXVu+SY4i895JLWSCKNAd7FBXuGNk4

rm8wD8DY+yWh55zwwomYe/EkLgv98I/RG4A0hNK0r0aGFjJin6S74iZ+TT4TOTOc

edq9dzG6PTSwvAnwxIwF3ID8BsHHxtwzzdTArNUinM2exgYYpei7ttk/1pw7VIFO

dbnVqVdq2lIy9PBLMQxw0XArgesvFXpTjGcu/2+nykIoIcz/sTCU4Q79U0Hex/tJ

4rRu44M0UffnEtPyUl8Sd4fVXzFcHEio+SmjPTvvWvsg9Xs9/1TZaBLn/6y+hU1l

kjbCbF8BtPGvFgirGlNkwQxdzkZ9SUp+V7l1vC9DA1oa535gA/nuQHDKoZpPuymz

nTPETilFbjw1ZEpndZtnxE4wT4zcnQ5ZUi74/fT7HhBfzOj38i+IoKb3Ltjb2vnI

x1B9+K+TTLr5XYWXDOJDBjeOI1ri3C2Psl0zyCchrta5Ag0EW1YuxAEQAM1WL6EW

vJyWzGN8iwzW6vGEyZGAVToGicBTOaMHv5g2fCZz/lyb8mxAE9s5cvk+/w0CMjaT

IS/mfcYdkISjJZVRdLWP/bXv+MgIL4sVTPiNNT4RSWedPDfiUQ2Fks+QWV3NgvND

V8ojMSg17wxO2JXNX489GElcsJ20XUNlzrgfimtyPcNhvOBg21BJ68xwfPT7aoF5

ZHQrT2lzT8M55y0XcHgyih3SiasWTZ+EMZKbmb35MnLcgaMvn3ayfvhKrbladghH

2DpvyRFZPVgF26Z/cKeuns7adGbrzjOFszuFAyVVbzyYn5v34wASjD7F+qm5ykSO

SE2L0EPAtztIrdgGWskeLcFbG0nKHXz96oj5xlYcuMXs0vrtM7SBKPB9v/qegY2d

X1+JXB5vJTcOB3zOOeb3CtoH958W1yImvfQKx/MsnO6h2YFXk9NMJT5OV5DjmWdF

yrlohTCsBbAk0xevgCMZa3mSC7E+fo0sp2BpJ0Hp+U55wYtpzDN1NJR0qdWZWa/n

vA07kGBCFRA7UkC5rvj27LtyUSib8wkh9XSkxJLELjwbgCzG1eH3OIrGtsGXgbtn

4K/4Bh23se7XVjqEFnkN6DUFyhgioeftJ1Wx+TphfjVznUCMaSkDjeAa7AIQ3Fgz

WQ3wJgk7Qz7BMtyO2dqBi0YheHVum6t+4FAfABEBAAGJAjYEGAEIACAWIQTecJYd

oO+e2mbiJ0VlPHUGN4JRlgUCW1YuxAIbDAAKCRBlPHUGN4JRlitzEACK+JGMWaZ3

1w9Aq3x+pWDztnQn8WZnAFiNzNdL8zTZCOT3Ty1Bl5INisz1SDZGnyPRJSjmZRWp

CLHZrkTRhUpxq/2sapcMTT6DnC9X5JcPnomGudBhhOsA0KH7BhgY0G8PTIz91Nbq

Ystt97qb3heobl+x+TyLFiLyHyVfW4QR5cc/SNE+H2y43VFnWhhqlRIUGW0JpUbg

blEmOAOTK8OyjDwM/BwgISAl96ucaDWIhMhFIFnxdnNM3fZ2jjfLKeMGDQzofzhp

iPdV01TfPQ2QVEkrOKZQi1FVSyQrlAZyvoMRdYXe/NZFv1bi8poJ5gO8ceq93CbZ

+fmoaflifZjHs8LqT45MIgn3Lm4+MoIdVuPYiM8qvMr0ZmHp7XkMt8Rm8OjXPlvT

YIMM9dzycff0sjJ7Fwv0L9icGO+3T3plFrOkaHIw2JPoJhhknlfcD5m2meFg9ARd

jdRMnRrBgDEkgnKZ9f3/fYsFJU7EGOkh858oLwUWoVFDML11fH4oUXeAmbE0TJnK

CNgbcsk1Jc8fTgcLMzSRd4gz5moJ0QnmW8U241PfxW0X/2cmMXuaHefCdHkrs7k5

5ISnY9T/u4PUh93evaarUiw8CdHyO2uGJgEMKP8B4wThV/gGdhi7uKEBGi6+RZHk

tx/bUvZN0mR+RQkpkyiGmAAB82wUPpQFEg==

=Y0mE

-----END PGP PUBLIC KEY BLOCK-----

How did we do?

sonarPay Reversals, Voids, & Refunds: Overview

Contact