As the deadline for tokenising saved cards – mandated by the Reserve Bank of India – comes closer, the murmur in the market has grown thicker on how to go about complying with RBI’s circular.
For the uninitiated, RBI has directed all e-commerce companies including online ticket booking, grocery, and food delivery businesses to stop saving customers’ debit and credit card details.
We can ascertain the importance of saved cards by the fact that 70% of transactions on Paytm happen through the saved card checkout flow.
Since online transactions via saved cards are useful for both consumers and digital businesses alike, RBI has proposed a solution: saving the tokenised version of these saved cards instead of actual card details.
It wants e-commerce companies to allow customers to tokenise their cards so they can continue with the saved card shopping experience.
A brief definition of tokenisation
If you are already aware of what tokenisation is, skip this part and jump to the section where we talk in detail about how to configure tokenisation on your website.
Tokenisation refers to the process of replacing actual debit and credit card details with randomly generated numbers, also known as tokens. These tokens are unique to every online platform, even if they are tokens of the same card.
Another added security feature of tokens is that they are irreversible and can’t be traced back to their original data unless they are matched with additional data. This means that even if the servers are hacked and these tokens are leaked customers’ card details will not be revealed.
RBI’s directive is a healthy development for the industry as it boosts confidence in online shoppers to make digital payments without any fear. It also takes away the pressure from e-commerce companies to safeguard users’ sensitive card details.
How online businesses can adhere to tokenisation guidelines
There are a handful of things that e-commerce companies have to take care of in order to enable their websites for tokenisation.
As directed by RBI in its circular, online businesses have to get explicit consent from their users who wish to tokenise their debit and credit cards. RBI is very particular about the user being aware of giving their consent. Online shopping platforms can’t use tools like an auto-selected check box hidden at the bottom of their page to get users’ approval.
This consent has to be followed by another authentication from the customer in the form of an OTP.
Even after putting in several checks, RBI has proposed that no entity except card network providers – RuPay, Visa, Master Card, and American Express – can store these tokenised saved cards on their servers.
These network providers are entitled to provide online businesses, payment gateways, and payment aggregators with the tokenisation service.
Since Paytm Payment Gateway has already partnered with a host of these network providers, online businesses can rely on us to provide their customers with a smooth tokenisation experience.
A step-by-step guide to tokenise cards on Paytm Token Gateway
Paytm Token Gateway is flexible, versatile, and made for everyone. It works seamlessly for businesses that use Paytm as a payment aggregator as well as those that use other payment aggregators.
The integration process and the workflow would vary depending on whether the online business has partnered with Paytm Payment Gateway or other gateways.
We are going to take you through both the processes.
Businesses that use Paytm Payment Gateway
Businesses can tokenise customers’ new cards as well as already saved cards. It is to be noted that if a customer chooses to tokenise their card while making a payment for their purchase, both can be done simultaneously.
The process starts with the customer giving their consent for tokenising the card. As per the RBI rules, the customer will also have to provide additional authentication by punching in an OTP, which they will receive soon after giving the consent.
Once the authentication is done, Paytm TG will send the tokenisation request to the respective card network. We will send a unique Token Index Number to the business, also known as token requestor. Token Index Numbers are mapped to the specific card as well as the e-commerce platform to which the customer gave consent.
Once the card is successfully tokenised we will notify the token requestor and send them all the token related information.
Businesses should save the Token Index Number against that customer. This will be needed for future card operations such as for generating token data, modifying token status, and fetching token information of that particular customer.
Businesses that use multiple payment gateways
Once the customer enters the card details and gives the consent to the e-commerce portal to save and tokenise the card, the latter will have to initiate the tokenisation workflow.
The next step for the businesses is to find out if the customer’s card is eligible for tokenisation. They can do that by calling our Fetch Bin API.
Once we establish the card’s eligibility, businesses will have to send Paytm MID, customer information, customer consent along with their card details to Paytm using Tokenise Card API.
Now, Paytm TG will route the tokenisation request to the relevant card network provider. Further, we will send the business a unique Token Index Number and notify them once tokenisation is completed.
Save the Token Index Number for future card operations.
Lower cart abandonment with Paytm Token Gateway
It is a no-brainer that customers love fast checkout and tend to drop their cart if they feel the payment process is too long.
Payments via saved cards have been single-handedly lowering businesses’ cart abandonment rates. With tokenisation, RBI has made payments via saved cards more secure, which means more and more online buyers would opt for it.
And the deadline to comply with the RBI guidelines is closing in. If businesses fail to provide their customers with tokenisation, they will be forced to delete all the saved cards by July 1, 2022.
Call our experts at Paytm Token Gateway to get started with tokenisation and give customers the flexibility to save their cards as per the RBI guidelines.