Make Your Business More Secure And Future Ready With Worldline Tokenisation Solution

To boost greater customer confidence in cards as a payment method and encourage adoption of digital payments, the Reserve Bank of India (RBI) recently came up with Tokenisation guidelines. From a long-term perspective, these guidelines will be very beneficial for all the stakeholders involved (from customer to merchant to acquirers/aggregators to card payment network to issuer) in the payment ecosystem.

So, what are the latest Tokenisation guidelines by RBI? What are the positives of Tokenisation on your business?

We’ll tell you everything about the recent guidelines, positives for online businesses, and how Worldline will help you become compliant with the latest norms.  

What are the new Tokenisation guidelines by RBI?

The Reserve Bank of India (RBI) on September 7th, 2021, announced new digital payment guidelines to card-on-file tokenisation services. Apart from building customer confidence in card as a payment method, these guidelines will also help to prevent online fraud by helping keep the critical financial information of customers secure from card data breaches.

Here are the new guidelines –

• The new guidelines restrict any merchant/Payment Aggregator/Payment Gateway from vaulting card data at their end except for the limited purpose of transaction tracking.
• All existing card vaults would need to be purged, by June 30th, 2022. (extended deadline, as per the new circular issued by RBI on December 23rd, 2021)
• The alternative to Card On File (COF) is the Card On File Tokenisation (COFT) solution.
• Only Card Schemes and Card Issuers would be allowed to offer CoFT
• Card Schemes or Issuers are only allowed to offer Tokenisation services for their own set of cards, and hence to tokenise the entire card base multiple tie-ups are required.

So, what is Tokenisation and how does it work?

To tell you briefly, Tokenisation is the process of protecting sensitive data by replacing it with an algorithmically generated surrogate number called a token. These tokens are issued and utilized subsequently to safeguard real card credentials. It is passed through the internet or the various wireless networks to process the payment without actual card details getting exposed. The card number is held safe in a secure network token vault.

The process of tokenisation -

• The cardholder can get the card tokenised by initiating a request on the merchant application, and explicitly providing their consent for tokenisation.
• The tokens are generated and issued by card schemes/issuers. They will act like Token Service Providers (TSPs) and will facilitate card data protection and security. The tokens are mapped with underlying card credentials and stored in a secured card vault at TSP’s end.
• The token requestor will forward the request to the card network, and with the consent of the card issuer, the TSP will provision and issue a token for the combination of a card/token requestor.
• When users enter their card details on the merchant payment page, the Merchant/TR sends a request for Token provisioning. The TSP on receipt will first request verification of the data from the customer’s bank. When the data gets verified, a token unique reference number gets generated and is sent back to the TR/Merchant.
• Tokenisation of card data will be done with explicit customer consent requiring Additional Factor of Authentication (AFA) validation by the card issuer.

What are the positives of Tokenisation on your business?

The latest guidelines on Tokenisation will not only open all possibilities to reach new customer base currently not using card as payment mode but also helps your business improve data security.

Tokenisation will also help from the point of data capture to storage, as it eliminates the actual storage of credit card numbers and minimizes the impact of security breaches.

How can Worldline help you to be compliant with new guidelines?

Worldline’s new Tokenisation solution will help you adopt the new guidelines seamlessly. This solution will ensure compliance with the latest guidelines and visibility for your business

Worldline Tokenisation solution is tailor-made for businesses like yours. It has the highest coverage as you can integrate all payment networks and issuers directly. You can provision, manage tokens and customer’s consent from a single interface.

Worldline’s Full-Service Tokenisation Solution offers a holistic solution covering both pass-through and bundled mode of operations. Pass through mode supports interoperability, and bundled offering provides end to end service coverage including token provisioning, management and not limited to tokenised transaction processing.

Here are three key advantages of Worldline Tokenisation solution you need to know:

a. Highest Coverage across payment networks and issuing banks

Worldline Tokenisation Solution has partnered with all major card networks including Visa, Mastercard, RuPay, Amex as well as all leading issuing banks. It supports the issuance and management of both issuer and network tokens utilizing a single interface.

b. A Single Solution That Connects To Different Networks - Visa, Mastercard, Rupay, Amex

It is a single solution that connects to different networks viz. Visa, MasterCard, RuPay, and Amex.

A full-stack solution with token provisioning and authorisation support with very few modification/development efforts in existing integration. The solution comes with both immediate/one-time payments and recurring payments (SI on cards) support. Thus, ensuring an end-to-end frictionless payment journey and enhanced customer experience.

c. Future-ready solution

Worldline Tokenisation Solution is an advanced/state-of-the-art solution that is fully compliant to the new COF guidelines and will ensure highest degree of data security and protection. It will also ensure continuity for your business growth without a glitch, making your business safe, secure and future-ready.

Let’s see the difference in the way your business makes transactions with and without Worldline Tokenisation solution.

Step 1: The payment checkout screen 

The left side shows an interface without Worldline Tokenisation Solution. The right side shows the interface with Worldline Tokenisation Solution.

Customers need not enter their payment details again as the card details are already saved with Worldline Tokenisation Solution.

Step 2: Difference in entering details

The left side shows an interface without Worldline Tokenisation Solution. The right side shows the interface with Worldline Tokenisation Solution.

Your customer must make the effort of adding payment details if you do not use Worldline Tokenisation Solution. If you use Worldline Tokenisation Solution, your customer sees a saved card details, all they must do is authenticate.

Using Worldline Tokenisation Solution will increase success rates of transactions along with an improved customer experience.

Clarify all your doubts with the latest tokenisation guidelines from Jagdish Kumar, VP – Product & Technology here

Final Thoughts

These new norms may influence your business in the short term, but in the long term it will help to grow and make the overall payments experience seamless, frictionless, consistent, safer and secure.

Additional FAQs

What Will Happen to Cards Data Already Saved by Companies?

All businesses have to migrate to a compliant solution by 30th June 2022 (extended deadline), and not store this data from 1st July 2022 onwards. Only card data obtained after due customer consent and Additional Factor Authentication (AFA) can be kept with a compliant partner from 1st July 2022 onwards.

What are the benefits of tokenisation?

Card Tokenisation safeguards customers’ card data, thereby reducing the possibility of data breaches or card frauds.

Fewer instances of card fraud leads to greater customer confidence in cards as a payment methods and in digital payments as a whole. From a long-term perspective, these guidelines are very beneficial.

What information can merchants continue to store?

Merchants can continue to store the last 4 digits of the actual card number and a card issuer name for tracking/analytical purposes

Is customer consent required for saving / creating a token?

Yes, Customer consent and additional factor of authentication (AFA) is required for saving a card / creating a token. This can be the same 2FA used during the first transaction

Can this token be used along with other payment gateways?

The tokens provisioned through Worldline tokenisation solution can be used for processing payments via other Payment Aggregators/Gateways as well without any change in integrations.

Whom Does the Onus Rest On for Implementing Tokenisation?

Both payment networks and issuing banks are permitted to tokenise cards going forward from 1st July, 2022. For example, if a customer has an HDFC Visa credit card, either Visa or HDFC can tokenize the card- both are permitted to do so. However, Visa cannot tokenize a MasterCard, and HDFC cannot tokenize cards issued by other banks.