The recent RBI guidelines around card tokenisation have raised a number of questions and caused a great deal of confusion and uncertainty. As of July 2022, businesses and payment gateways/payment aggregators will no longer be able to save the card data of their customers. However, RBI has presented an alternative, allowing businesses to provide their customers the same saved card experience in the form of ‘tokens’.
Saved card data, if not securely stored, can be vulnerable to data breaches. There has been an alarming increase in the number of data breaches over the last decade. These data breaches directly lead to instances of card fraud, resulting in dwindling public trust in cards as a payment method.
This negative perception around card payments also casts a shadow over online transactions as a whole. This is why the RBI has stepped in to issue guidelines on card tokenisation and nip any negative sentiments in the bud.
These guidelines focus on improving the security and safety around card transactions, thus restoring public confidence in online transactions, and safeguarding cardholders’ interest to ensure that the digital economy can grow unhindered.
By mandating the tokenisation of card data, RBI has allowed businesses to continue offering their customers a seamless checkout experience while ensuring maximum security.
What will be the impact of tokenisation on your customers?
Around 30% conversions on cards happen through saved cards. Additionally, as much as 32% of failed transactions are never reattempted. By saving card details businesses have been ensuring;
- A seamless checkout experience for their customers, leading to lower drop offs
- Elimination of failed transactions due to inputting of incorrect card details
Cardholders have long enjoyed the convenience of a saved-cards checkout, however, they are also wary of saving card details on third-party websites. While they might trust a few websites or payment gateways with such sensitive information, in most scenarios they do not feel comfortable saving their card details, and they shouldn’t! This fear is grounded in the reality of data breaches and credit card frauds that have plagued us for more than a decade now.
With card tokenisation consumers no longer need to fear saving their card details. There will be no change in the cardholder experience, except for an AFA, or consent that will be collected for tokenisation.
What about the cards that are already saved?
RBI guidelines stipulate that businesses and payment processors will need to delete all saved cards by or before June 30th, 2022.
The good news is that businesses can start tokenising cards right away with Razorpay TokenHQ, India’s first multi-network tokenisation solution.
Once you have integrated with TokenHQ, you can use every subsequent transaction to collect consent for tokenisation from your customers. This consent can be combined with the transaction itself.
Thus, if a customer makes a transaction using a saved card, the same transaction can also be used to collect consent for tokenisation in the form of an AFA. The faster you integrate with TokenHQ, the more likely you are to retain a vast majority of the cards already saved at checkout. Once the deadline for card tokenisation arrives, you will be adequately prepared.
Busting myths around tokenisation
1. Tokenisation will be complex and difficult to implement:
Businesses that are on standard and custom checkout will have to make zero changes on their end. Razorpay TokenHQ will be auto-enabled for you, so sit back and relax, while we do all the heavy lifting!
For businesses on S2S checkout, you can easily integrate with our developer-friendly REST APIs.
2. “If I adopt Razorpay TokenHQ, I will have to use the Razorpay PG”
Untrue! We are flexible across multiple payment gateways, so you don’t have to change your existing payment flows.
3. Tokenisation will be expensive for businesses:
TokenHQ will be a free upgrade for all standard and customer checkout businesses. However, we will charge a small fee for transactions made through saved cards for S2S businesses.
Do you want to know how you can implement card tokenisation for your business? Please reach out to: firstname.lastname@example.org for more information, or get in touch with your respective Account Manager if you are already a Razorpay merchant.