[Stay RBI compliant] Process card payments securely with our card tokenization solution.Activate Now!

Token Vault

Card Tokenization

Solution

Give your customers the option to save cards on your website or app and process card payments securely while being RBI compliant.

Supports all major card types:

  • Credit cards

  • Debit cards

  • Prepaid cards

  • Corporate cards

Supports all major card networks

What is card tokenization?

As per RBI guidelines, with effect from 1st July 2022, neither businesses nor payment aggregators can save customer card details on their platforms. The card details can only be saved by the card networks or issuing banks.

Card tokenization is the process of replacing sensitive card information like card number, card expiry with a cryptographically generated random string, referred to as the card token.

Once a card is tokenized, the generated card token can be used for processing payments as a substitute to card details, thus eliminating risk of loss of sensitive card information while making card payments.

Why Token Vault?

saved-card

A complete card tokenization solution

Token Vault is a complete solution. It offers both saving tokenized cards functionality and ability to process payments using tokenized cards as a single solution so that businesses do not have to look out for multiple payment partners.

instant-settlements

Cashfree Payments is a certified token requestor

Cashfree Payments is a fully certified and compliant Token requestor. We support tokenization of cards issued by all leading card networks.

card-pre-authorization

Zero manual intervention

Businesses can integrate Token Vault API with their platform with single integration. Once integrated, Cashfree Payments takes care of both saved card function & processing payments.

instant-refunds

Faster and secure checkout experience, guaranteed

With Token Vault, you can offer repeat customers the option to save card, customers can simply select the card and pay directly just by entering the CVV of the card. Make checkout faster and secure while staying RBI compliant.

Learn from experts on how you can stay RBI compliant with

card tokenization

Have questions on the latest RBI guideline on Card on file Tokenization and how it will affect your customer transactions? Watch our detailed discussion or read through our comprehensive knowledgebase to learn more about card tokenization.

Fireside Chat - Mastercard & Cashfree Payments

Watch this fireside chat to understand how Card Tokenization can help your business stay RBI compliant.

Get all your questions answered!

Check-out our comprehensive guide on how Card-on-file Tokenization works and how Cashfree Payments can help you stay RBI-compliant!

Learn more

Frequently Asked Questions

Have more questions?

Visit our support page

Card Tokenization is the process of replacing sensitive card information like card number, card expiry with a cryptographically generated random string, referred to as the card token. Once a card is tokenized, the generated card token can be used for processing payments as a substitute to the actual card details like card number and card expiry and cvv thus eliminating the issue of loss of sensitive card information while making card payments.

  • Neither payment aggregators, payment gateways nor merchants cannot store card numbers on their servers even if they are PCI/DSS compliant
  • Card networks and Issuing banks can only store card numbers and offer token provisioning services to other entities in the payment industry
  • 30th June 2022 is the deadline for all entities to comply with the RBI circular

Any merchant offering the save card feature to their customers will have to do so by provisioning a token instead of saving the actual card number. Token Vault will help merchants to effortlessly migrate to the this RBI compliance requirement.

Yes, Token Vault helps you tokenize VISA debit and credit cards, and retrieve them whenever your customers try to access the saved cards.

Yes, Token Vault helps you tokenize Mastercard debit and credit cards, and retrieve them whenever your customers try to access the saved cards.

PCI/DSS compliant merchants have to delete the already saved cards with them as RBI does not allow bulk tokenization of cards. * Merchants who were saving the card number on their own servers, can simply integrate with Token Vault APIs of Cashfree Payments and continue processing saved cards after a one time authentication by customers. In this case Cashfree Payments will act as token requestor on behalf of the merchant. * Alternatively, merchant can also integrate with individual card schemes and become a token requestor themselves.

Cashfree Payments offers 2 types of checkout integrations
1) Standard Checkout & 2) Seamless Pro.

A. Merchants using Standard Checkout integration do not need to take any action. Cashfree Payments will automatically enable the saved card feature along with the ability to convert the card details ( as customers enter the card) to unique tokens and then further process tokenized cards received from card networks. Customers having their cards already saved on the merchant site, will have to enter the card details, and do a one time re-authentication for the first transaction on or after 1st July 2022 to continue using the saved card feature.

B. Merchants using Seamless Pro integration will have to update their APIs before 30th June 2022 to save and process card transactions. Check out API documentation. Once API has been updated, customers having their cards already saved on the merchant site, will have to enter the card details, and do a one time re-authentication for the first transaction on or after 1st July 2022 to continue using the saved card feature.

Merchants are allowed to store only the last 4 digits of the actual card number, card scheme and issuing bank name. They cannot store other details like card BIN, card expiry or CVV.

No, merchants will not be able to get the actual card number back from the tokenized cards. Only schemes and issuing banks will be able to do so.

No, explicit consent of customer is mandatory while provisioning token for the card.

If 2FA fails even after the customer had given consent to tokenize the card, merchants will not be able to provision token and save the card.

Yes, the token reference number of tokens provisioned through Cashfree Payments will be saved with us only. However, merchants can fetch the card network tokens from us and use them for payment on any other payment aggregator. It is not possible to migrate cards provisioned through Cashfree Payments on another payment gateway.

No, tokenization is limited only for card payments. All card payments like credit, debit, prepaid and corporate credit cards are impacted.

No, there is no impact as such on card payments where the customer enters the complete card number details. Only in cases where merchants or payment aggregators were saving cards, card tokenization will come into effect.