Token Vault - Card Tokenization Solution

Overview

Token Vault is India's first interoperable card tokenization solution that enables businesses to process customers' saved card payments securely while maintaining compliance with RBI (Reserve Bank of India) guidelines. The solution allows merchants to offer saved card functionality without storing sensitive card information on their platforms.

Supported Card Types

Token Vault supports tokenization for all major card types:

The solution works with all major card networks, ensuring comprehensive coverage for merchant payment processing needs.

What is Card Tokenization?

As per RBI guidelines effective from October 1st, 2022, neither businesses nor payment aggregators can save customer card details on their platforms. Card details can only be saved by card networks or issuing banks.

Card tokenization is the process of replacing sensitive card information (card number, card expiry) with a cryptographically generated random string, referred to as the card token.

Once a card is tokenized, the generated card token can be used for processing payments as a substitute for the card details, eliminating the risk of loss of sensitive card information while making card payments.

Key Features and Benefits

Interoperable Card Tokenization Solution

Token Vault is India's first interoperable card tokenization solution. If you are using multiple payment gateway platforms, you can use Token Vault as a single integration to process card payments across multiple payment gateways or card networks.

Certified Token Requestor

Cashfree Payments is a fully certified and compliant token requestor. The solution supports credit card tokenization, debit card tokenization, and helps process cards issued by all leading card networks.

Zero Manual Intervention

Token Vault comes auto-enabled for merchants on the standard checkout flow. Merchants on the seamless flow can integrate the Token Vault API with their platform with minimal integration effort. Once integrated, Cashfree Payments takes care of both the saved card function and payment processing.

Faster and Secure Checkout Experience

Cashfree Payments has an ecosystem of 16 million+ saved cards that readily helps provide a faster checkout experience to customers. Customers can simply select the saved card and pay directly just by entering the CVV of the card.

RBI Guidelines on Tokenization

The Reserve Bank of India has issued specific guidelines regarding card tokenization:

Integration Options

Cashfree Payments offers two types of checkout integrations:

1. Standard Checkout

Merchants using Standard Checkout integration do not need to take any action. Cashfree Payments automatically enables the saved card feature along with the ability to convert card details (as customers enter the card) to unique tokens and then further process tokenized cards received from card networks.

Customers having their cards already saved on the merchant site will have to enter the card details and do a one-time re-authentication for the first transaction on or after July 1st, 2022 to continue using the saved card feature.

2. Seamless Pro

Merchants using Seamless Pro integration need to update their APIs to save and process card transactions. Once the API has been updated, customers having their cards already saved on the merchant site will have to enter the card details and do a one-time re-authentication for the first transaction on or after July 1st, 2022 to continue using the saved card feature.

Card Network Support

VISA Card Tokenization

Token Vault provides credit card tokenization and debit card tokenization for VISA cards. Merchants can tokenize VISA debit and credit cards and retrieve them whenever customers try to access the saved cards.

Mastercard Tokenization

Token Vault provides credit card tokenization and debit card tokenization for Mastercard. Merchants can tokenize Mastercard debit and credit cards and retrieve them whenever customers try to access the saved cards.

Compliance and Authorization

Cashfree Payments operates under proper regulatory authorization:

Merchant Data Storage Limitations

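Once tokenization is in place, merchants are allowed to store only the last 4 digits of the actual card number, the card scheme, and the issuing bank name.

Merchants cannot store other details like card BIN, card expiry, or CVV.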

Token Provisioning Requirements

Customer Consent

Explicit consent of the customer is mandatory while provisioning a token for the card. Merchants cannot provision card network tokens without taking consent from the customer.

Two-Factor Authentication (2FA)

If 2FA fails even after the customer has given consent to tokenize the card, merchants will not be able to provision the token and save the card.

Token Interoperability and Migration

Interoperability Feature

As a merchant, you can use Token Vault's interoperability to securely process card payments across multiple payment gateway platforms and card networks.

Migration Considerations

The token reference number of tokens provisioned through Cashfree Payments will be saved with Cashfree Payments only. However, merchants can fetch the card network tokens from Cashfree Payments and use them for payment on any other payment aggregator. It is not possible to migrate cards provisioned through Cashfree Payments to another payment gateway.

Card Retrieval Limitations

Merchants will not be able to get the actual card number back from the tokenized cards. Only card schemes and issuing banks will be able to retrieve actual card numbers.

PCI/DSS Compliant Merchants

PCI/DSS compliant merchants have to delete already saved cards as RBI does not allow bulk tokenization of cards. Merchants who were saving card numbers on their own servers can integrate with Token Vault APIs of Cashfree Payments and continue processing saved cards after a one-time authentication by customers. In this case, Cashfree Payments will act as token requestor on behalf of the merchant. Alternatively, merchants can integrate with individual card schemes and become a token requestor themselves.

Impact on Payment Modes

Tokenization is limited only to card payments. All card payments including credit, debit, prepaid, and corporate credit cards are impacted.

There is no impact on card payments where the customer enters the complete card number details. Only in cases where merchants or payment aggregators were saving cards, card tokenization will come into effect.

Tokenization does not affect any other payment mode other than cards.

Frequently Asked Questions

What is tokenization?

Card tokenization is the process of replacing sensitive card information like card number and card expiry with a cryptographically generated random string, referred to as the card token. Once a card is tokenized, the generated card token can be used for processing payments as a substitute for the actual card details like card number, card expiry, and CVV, thus eliminating the issue of loss of sensitive card information while making card payments.

What are the RBI guidelines on tokenization?

Why does a merchant need Token Vault by Cashfree Payments?

Token Vault is a card tokenization solution. Any merchant offering the save card feature to their customers will have to do so by provisioning a token instead of saving the actual card number. Token Vault will help merchants to effortlessly migrate to this RBI compliance requirement.

What is the interoperability feature on Token Vault?

Token Vault is India's first interoperable card tokenization solution. As a merchant, you can use Token Vault's interoperability to securely process card payments across multiple payment gateway platforms and card networks.

Does Token Vault support tokenization of VISA credit and debit cards?

Yes, Token Vault provides credit card tokenization and debit card tokenization. You can tokenize VISA debit and credit cards, and retrieve them whenever your customers try to access the saved cards.

Does Token Vault support tokenization of Mastercard credit and debit cards?

Yes, Token Vault provides credit card tokenization and debit card tokenization. You can tokenize Mastercard debit and credit cards, and retrieve them whenever your customers try to access the saved cards.

If a merchant is PCI/DSS compliant and was saving cards on their own server, how can they meet RBI's compliance requirement?

PCI/DSS compliant merchants have to delete the already saved cards with them as RBI does not allow bulk tokenization of cards. Merchants who were saving the card number on their own servers can simply integrate with Token Vault APIs of Cashfree Payments and continue processing saved cards after a one-time authentication by customers. In this case, Cashfree Payments will act as token requestor on behalf of the merchant. Alternatively, merchants can also integrate with individual card schemes and become a token requestor themselves.

How will tokenization affect existing Cashfree Payments merchants using Payment Gateway or Auto Collect?

Cashfree Payments offers 2 types of checkout integrations: 1) Standard Checkout and 2) Seamless Pro.

A. Merchants using Standard Checkout integration do not need to take any action. Cashfree Payments will automatically enable the saved card feature along with the ability to convert the card details (as customers enter the card) to unique tokens and then further process tokenized cards received from card networks. Customers having their cards already saved on the merchant site will have to enter the card details and do a one-time re-authentication for the first transaction on or after July 1st, 2022 to continue using the saved card feature.

B. Merchants using Seamless Pro integration will have to update their APIs before June 30th, 2022 to save and process card transactions. Once the API has been updated, customers having their cards already saved on the merchant site will have to enter the card details and do a one-time re-authentication for the first transaction on or after July 1st, 2022 to continue using the saved card feature.

Which card details can the merchant save once tokenization is in place?

Merchants are allowed to store only the last 4 digits of the actual card number, card scheme, and issuing bank name. They cannot store other details like card BIN, card expiry, or CVV.
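An added example (not Cashfree Payments code): a Python audit that checks a merchant's saved-card records against the storage limits in the answer above. The field names and sample records are constructed assumptions, and the scan for full card numbers in other fields goes beyond the listed fields, since a stored card number is what tokenization is meant to remove.

```python
import re

# Field names are hypothetical; the forbidden set follows the answer above,
# plus the full card number, which tokenization replaces.
FORBIDDEN_FIELDS = {"card_number", "card_bin", "card_expiry", "cvv"}
# 13 to 19 digits, optionally separated by spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def audit_record(record: dict) -> list[str]:
    """List the reasons a saved-card record breaks the storage limits."""
    findings = []
    for name, value in record.items():
        if name in FORBIDDEN_FIELDS and value not in (None, ""):
            findings.append(f"{name}: field must not be stored")
            continue
        if name == "last4" and not re.fullmatch(r"\d{4}", str(value)):
            findings.append("last4: must be exactly four digits")
        # Full card numbers often survive in free-text or legacy columns.
        for match in PAN_CANDIDATE.finditer(str(value)):
            if luhn_ok(re.sub(r"\D", "", match.group())):
                findings.append(f"{name}: contains a Luhn-valid card number")
    return findings


# Constructed sample records; 4111 1111 1111 1111 is a widely used test number.
SAMPLE_RECORDS = [
    {"customer_id": "c-101", "last4": "1111", "card_scheme": "VISA",
     "issuing_bank": "Example Bank"},
    {"customer_id": "c-102", "last4": "1111", "card_scheme": "VISA",
     "card_expiry": "12/27", "card_bin": "411111"},
    {"customer_id": "c-103", "last4": "411111",
     "notes": "legacy import 4111 1111 1111 1111"},
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec["customer_id"], audit_record(rec) or "ok")
```
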

Can a merchant retrieve the actual card number using the card network token?

No, merchants will not be able to get the actual card number back from the tokenized cards. Only schemes and issuing banks will be able to do so.

Can a merchant provision a card network token without taking consent from the customer?

No, explicit consent of the customer is mandatory while provisioning a token for the card.

Can a merchant provision card network token without the customer completing 2FA?

If 2FA fails even after the customer has given consent to tokenize the card, merchants will not be able to provision the token and save the card.

Does a merchant need to re-provision the already saved cards on another payment aggregator or gateway if they wish to migrate from Cashfree Payments?

Yes, the token reference number of tokens provisioned through Cashfree Payments will be saved with Cashfree Payments only. However, merchants can fetch the card network tokens from Cashfree Payments and use them for payment on any other payment aggregator. It is not possible to migrate cards provisioned through Cashfree Payments to another payment gateway.

Does tokenization affect any payment mode other than cards? Which card transactions are affected?

No, tokenization is limited to card payments. All card payments like credit, debit, prepaid, and corporate credit cards are impacted.

Is there any impact of card tokenization on card payments where the customer enters the complete card number?

No, there is no impact as such on card payments where the customer enters the complete card number details. Only in cases where merchants or payment aggregators were saving cards, card tokenization will come into effect.

Educational Resources

Cashfree Payments provides comprehensive educational resources on card tokenization:

About Cashfree Payments

Cashfree Payments enables 1 Million+ growing businesses in India and across the globe to collect payments, make payouts, manage international payments, and more. Cashfree Payments is backed by SBI, Y Combinator, Krafton, and Apis partners and was incubated by PayPal.
