Token Vault is India's first interoperable card tokenization solution that enables businesses to process customers' saved card payments securely while maintaining RBI compliance. The solution allows merchants to continue offering saved card functionality without storing sensitive card information on their platforms.
As per RBI guidelines effective from October 1st, 2022, neither businesses nor payment aggregators can save customer card details on their platforms. Card details can only be saved by card networks or issuing banks.
Card tokenization is the process of replacing sensitive card information like card number and card expiry with a cryptographically generated random string, referred to as the card token.
Once a card is tokenized, the generated card token can be used for processing payments as a substitute to card details, thus eliminating risk of loss of sensitive card information while making card payments.
Token Vault supports all major card types:
The solution supports all major card networks.
Token Vault is India's first interoperable card tokenization solution. If you are using multiple payment gateway platforms, you can use Token Vault as a single integration to process card payments across multiple payment gateways or card networks.
Cashfree Payments is a fully certified and compliant Token requestor. The solution supports credit card tokenization, debit card tokenization and helps process cards issued by all leading card networks.
Token Vault comes auto-enabled for merchants on standard checkout flow. Merchants on seamless flow can integrate Token Vault API with their platform with minimal integration effort. Once integrated, Cashfree Payments takes care of both saved card function and processing payments.
Cashfree Payments has an ecosystem of 16mn+ saved cards that readily helps provide a faster checkout experience to customers. Customers can simply select the saved card and pay directly just by entering the CVV of the card.
The Reserve Bank of India has issued the following guidelines on card tokenization:
Merchants using Standard Checkout integration do not need to take any action. Cashfree Payments will automatically enable the saved card feature along with the ability to convert card details (as customers enter the card) to unique tokens and then further process tokenized cards received from card networks.
Customers having their cards already saved on the merchant site will have to enter the card details and do a one-time re-authentication for the first transaction on or after July 1st, 2022 to continue using the saved card feature.
Merchants using Seamless Pro integration will have to update their APIs before June 30th, 2022 to save and process card transactions. Once API has been updated, customers having their cards already saved on the merchant site will have to enter the card details and do a one-time re-authentication for the first transaction on or after July 1st, 2022 to continue using the saved card feature.
Merchants are allowed to store only the following card information:
Merchants cannot store other details like:
Explicit consent of customer is mandatory while provisioning token for the card. Merchants cannot provision card network token without taking consent from customer.
If 2FA fails even after the customer had given consent to tokenize the card, merchants will not be able to provision token and save the card.
Token Vault provides interoperability features that allow merchants to securely process card payments across multiple payment gateway platforms and card networks.
The token reference number of tokens provisioned through Cashfree Payments will be saved with Cashfree Payments only. However, merchants can fetch the card network tokens from Cashfree Payments and use them for payment on any other payment aggregator. It is not possible to migrate cards provisioned through Cashfree Payments on another payment gateway.
Token Vault provides credit card tokenization and debit card tokenization for VISA cards. Merchants can tokenize VISA debit and credit cards, and retrieve them whenever customers try to access the saved cards.
Token Vault provides credit card tokenization and debit card tokenization for Mastercard. Merchants can tokenize Mastercard debit and credit cards, and retrieve them whenever customers try to access the saved cards.
PCI/DSS compliant merchants have to delete the already saved cards with them as RBI does not allow bulk tokenization of cards.
Merchants who were saving the card number on their own servers can simply integrate with Token Vault APIs of Cashfree Payments and continue processing saved cards after a one-time authentication by customers. In this case, Cashfree Payments will act as token requestor on behalf of the merchant.
Alternatively, merchants can also integrate with individual card schemes and become a token requestor themselves.
Tokenization is limited only to card payments. All card payments including credit, debit, prepaid and corporate credit cards are impacted.
There is no impact on card payments where the customer enters the complete card number details. Only in cases where merchants or payment aggregators were saving cards, card tokenization will come into effect.
Merchants will not be able to get the actual card number back from the tokenized cards. Only card schemes and issuing banks will be able to retrieve actual card numbers from tokens.
Cashfree Payments offers a recorded fireside chat featuring Ravi Varma Datla, VP Digital Products at MasterCard - South Asia, to help businesses understand how Card Tokenization can help stay RBI compliant.
Cashfree Payments provides comprehensive guides on:
Card Tokenization is the process of replacing sensitive card information like card number, card expiry with a cryptographically generated random string, referred to as the card token. Once a card is tokenized, the generated card token can be used for processing payments as a substitute to the actual card details like card number and card expiry and cvv thus eliminating the issue of loss of sensitive card information while making card payments.
Token Vault is a card tokenization solution. Any merchant offering the save card feature to their customers will have to do so by provisioning a token instead of saving the actual card number. Token Vault will help merchants to effortlessly migrate to this RBI compliance requirement.
Token Vault is India's first interoperable card tokenization solution. As a merchant, you can use Token Vault's interoperability to securely process card payments across multiple payment gateway platforms and card networks.
Yes, Token Vault provides credit card tokenization and debit card tokenization. You can tokenize VISA debit and credit cards, and retrieve them whenever your customers try to access the saved cards.
Yes, Token Vault provides credit card tokenization and debit card tokenization. You can tokenize Mastercard debit and credit cards, and retrieve them whenever your customers try to access the saved cards.
PCI/DSS compliant merchants have to delete the already saved cards with them as RBI does not allow bulk tokenization of cards. Merchants who were saving the card number on their own servers, can simply integrate with Token Vault APIs of Cashfree Payments and continue processing saved cards after a one-time authentication by customers. In this case Cashfree Payments will act as token requestor on behalf of the merchant. Alternatively, merchant can also integrate with individual card schemes and become a token requestor themselves.
Cashfree Payments offers 2 types of checkout integrations: 1) Standard Checkout & 2) Seamless Pro.
A. Merchants using Standard Checkout integration do not need to take any action. Cashfree Payments will automatically enable the saved card feature along with the ability to convert the card details (as customers enter the card) to unique tokens and then further process tokenized cards received from card networks. Customers having their cards already saved on the merchant site, will have to enter the card details, and do a one-time re-authentication for the first transaction on or after 1st July 2022 to continue using the saved card feature.
B. Merchants using Seamless Pro integration will have to update their APIs before 30th June 2022 to save and process card transactions. Check out API documentation. Once API has been updated, customers having their cards already saved on the merchant site, will have to enter the card details, and do a one-time re-authentication for the first transaction on or after 1st July 2022 to continue using the saved card feature.
Merchants are allowed to store only the last 4 digits of the actual card number, card scheme and issuing bank name. They cannot store other details like card BIN, card expiry or CVV.
No, merchants will not be able to get the actual card number back from the tokenized cards. Only schemes and issuing banks will be able to do so.
No, explicit consent of customer is mandatory while provisioning token for the card.
If 2FA fails even after the customer had given consent to tokenize the card, merchants will not be able to provision token and save the card.
Yes, the token reference number of tokens provisioned through Cashfree Payments will be saved with us only. However, merchants can fetch the card network tokens from us and use them for payment on any other payment aggregator. It is not possible to migrate cards provisioned through Cashfree Payments on another payment gateway.
No, tokenization is limited only for card payments. All card payments like credit, debit, prepaid and corporate credit cards are impacted.
No, there is no impact as such on card payments where the customer enters the complete card number details. Only in cases where merchants or payment aggregators were saving cards, card tokenization will come into effect.
Cashfree Payments enables 1 Million+ growing businesses in India and across the globe to collect payments, make payouts, manage international payments, and more. Cashfree Payments is backed by SBI, Y Combinator, Krafton, and Apis partners and was incubated by PayPal.
RBI Authorised Payment Aggregator License Certificate of Authorisation No. 266/2025
RBI Authorised Prepaid Payment Instrument (PPI) Provider Certificate of Authorisation No. 209/2024
Token Vault and Cashfree Payments integrate with: