A game-changer in transforming online payments in India
India is heading towards a major transformation in the online payment eco-system, with Tokenization. The sole objective of this change in the way we store card-on-file data, is to prevent payment frauds & data breaches.
So then, what exactly is Tokenization?
Tokenization is a procedure of substituting sensitive card information (PAN) with a non-sensitive equivalent called token or a reference number.
The best metaphor of tokens will be a poker chip. Instead of risking placing thick wads of cash; poker chips are used for better and safer play.
It essentially helps enhance the level of security during a transaction, where instead of the card number, an alias is stored. This alias can then be used for the e-commerce transaction instead of the card number.
Its impact on your business
Well, if you are offering “save card” feature for a quick checkout experience of your consumers, you will now instead need to store an alias instead of the card number.
Most of your returning customers save their cards/payment instrument details (excluding CVV) on the website for a seamless checkout experience.
With the RBI guidelines effective 31st Dec 2021; Merchants, Aggregators & Acquiring Banks, cannot store customer card related information. Which essentially means that going forward Merchant, Aggregator or Acquiring Bank will have to enable tokenization and use these tokens to continue offering a similar seamless checkout experience for their customers.
Its impact on your end consumers
From a user experience standpoint, there is no impact on end consumers. However, for enabling tokenization on your platform, the consumer will have to give a one-time explicit consent for tokenizing their cards before proceeding with their OTP-based transaction. This consent would be taken even if the consumer adds their card number or any other payment details and opts in to save the information for future transactions.
How does PayPhi help?
Our PayPhi Token Requestor Gateway enables your business to migrate to tokens instead of card-on-file and helps you comply with the RBI Guideline. Our platform is robust, safe, secure, reliable and a compliant digital payment solution for your business.
Token Requestor Gatewayis a payment instrument token offering for Merchants and Payment Aggregators that facilitate secure token-based storage and retrieval of payment instruments along with seamless integration of EMV/Non-EMV token(s). You can simply integrate with PayPhi to generate tokens and process token-based transactions.
The features include –
- Single interface for all major networks
- Secured card vault
- Support multiple payment instrument storage
- Default card management
- Seamless integration with networks for EMV or Non-EMV tokens
- Personalized service and portal to manage payment instruments and tokens
- Lifecycle management for payment instruments
Types of Tokens
Acquirer or Card on File Tokens: e-commerce card-on-file tokens is an acquiring token which are not unique to any device & belong to a merchant.
Issuer or EMV payment tokens: are open-loop tokens facilitated by a Token Service provider. These tokens are used by replacing the payment credential (PAN) with different numeric value. These tokens are unique to a device and its merchant.
How does Tokenization work?
- Token requestor enlist with a token service provider
- Provisioning request is sent by the token requestor
- Card credentials and cardholder identity and verification (ID&V) is processed by an issuer and assurance level with domain controls for the token is fixed
- Generation of the token
- Activation and provision of the token
- Usage of the token by the cardholder in a payment transaction
- Detokenization, domain check, confirmation, and transaction authorization
- Use of token to clear and settle the transaction
- Management of token through its lifecycle by token requestor