Capital One Credit Card Token Issue


Issue: Capital One Bank/Credit Card asking for Token every time.

Explanation: Ledgersync is experiencing an issue with Capital One in that the Bank consistently asks for token. We have done extensive testing and it seems that in some cases Capital One recognizes that a "Server" is asking for a Bank/Credit Card connection and as a result is requesting a token as a secondary layer of security. Ledgersync takes security extremely seriously and therefore we only use reputable hosting providers that are secure. 

As a result, "We Know" that asking a token is extremely inconvenient for you and this article addresses a solution.

Solution: The recommended solution to this problem is simply to have your client "ADD" your email as a recipient of the token. Username/Password is not passed over to you, rather just the ability for Capital One to send you (the accountant/bookkeeper) a token. 

As a result, you can run a Capital One Account anytime and simply have the token sent to you. 

** This entire process takes 3 minutes.

Please see the screen shot below on Capital One's web site to add your email as a recipient of the token.


1) Client logs into Capital One Bank/Credit Card web site

2) Click on Profile

3) CLICK EMAIL OR PHONE NUMNER - (We recommend email) 

Please have the account owner (client) add in the email that you wish to receive the token.  Best Practice we have seen is a shared internal email address (example-

To confirm- Just the Token will be sent to you, not username and password. 




Was this article helpful?
1 out of 1 found this helpful


  • Avatar
    Matthew Fulton

    We have implemented this practice with all our clients across all banks that allow us to. Chase and Capital One, both make this very easy to add and allows us to do our updates without bothering our clients. In the past, it always seemed like the security token would go to one of the Managing Partners email address when someone else needed to process the update. To resolve this, we created a shared mailbox specifically to receive these tokens and it has worked out perfectly. Everyone on the shared mailbox will receive the notification of a security token, but only the person who requested the token would know who it was for since the email does not provide any account identifiers.

    To take it a step further, we also setup our phone system (DialPad) with a "room" number that is also shared and receives text messages. Most VOIP service providers offer the ability to send and receive text messages, however there are SMS services that can be used from your computer that could be shared just like the email trick.!