Computes the security token to harden the redirect against fraud.
The security token is computed as a hash over transaction data, tokens and timestamp. The credential with largest ID (the newest one) is used.
the security token or null if the merchant has no credential set.