Tokenisation for Optimizer

Know how to save customer card details as tokens with multiple payment partners using Optimizer.


Tokenisation is the process by which the original card number / Primary Account Number (PAN) is replaced with a surrogate value called a token.

For example, you can securely save a customer's card details during the first transaction as a token. The customer does not need to re-enter the card details for the next transaction. They can provide the OTP and use their saved card to complete the transaction.

The advantages of using tokens are:

  • Faster checkout experience for the customers.
  • Reduction in payment failures due to incorrect card details.

According to the recent RBI guidelines, Payment Aggregators (PA)/Payment Gateways (PG) and businesses cannot save their customers' card numbers and other card data on their servers.

Given below are some of the key takeaways from the guidelines:

  • Card networks and card issuers are the only parties that can now save plain text cards. Businesses, Payment Gateways and Payment Aggregators are no longer allowed to store actual customer card details.
  • To continue offering customers a 'saved card experience', businesses should adopt a tokenisation solution.
  • The token will not be visible to the cardholder. It will be managed between the Token Requestor and Network.
  • Customer consent and an additional factor of authentication (AFA) are required for saving a card / creating a token. This can be clubbed with the same 2FA used during the first transaction.

Without tokenisation, your customers cannot avail of the 'saved card experience' at checkout. Optimizer offers an end-to-end RBI-compliant solution that allows you to save customer credentials as tokens with card networks and issuing banks and process payments through any PA/PG. Customers can then use these tokens to make repeat purchases on your website without re-entering card details, and you can process these payments through any PA/PG as per your business requirements.

Watch Out!

If you are using the saved card feature, you must redirect cards traffic to the supported gateways only. Know more about

.

Onboarding as Token Requestor

In this integration, you can choose to be a Token Requestor (TR) or work with Razorpay as the Token Requestor.

Data Localisation Guidelines

This integration complies with data localisation guidelines.

Tokenised payment processing on Optimizer occurs in two scenarios:

  1. When .
  2. When .

You can use Optimizer with Razorpay as Token Requestor and process payments on Razorpay and external gateways. Given below is the Optimizer Tokenisation flow when Razorpay is the Token Requestor.

Tokenisation flow first time

Given below is the first-time payment tokenisation flow:

  1. The customer initiates a payment.
  2. The customer consents to save a card on your website/app checkout.
  3. After completing the transaction successfully through Optimizer, we initiate the tokenisation request at checkout.
  4. The Card Network or issuing bank returns a unique token corresponding to the tokenisation request to the merchant through Razorpay.

Saved card payment Tokenisation flow

Given below is the saved card payment tokenisation flow:

  1. The customer initiates a payment using a saved card.
  2. We retrieve the token data from the token service provider automatically.
  3. Using the token data, Optimizer will process the payment through any of the selected payment gateways.
  4. The payment is initiated and processed using token data.

If the token is requested by the merchant or any other external gateway, the payment can be processed via Razorpay or external gateways.

External Tokenisation flow first time

Given below is the tokenisation flow when the merchant or external PA/PG is the Token Requestor:

  1. The customer initiates a payment using a saved card.
  2. The merchant retrieves the token data and passes it on to Optimizer.
  3. Optimizer passes the token data to the selected gateway.
  4. The payment is initiated and processed using the token data.

Watch Out!

If a merchant requests a token from a payment partner other than Razorpay and attempts to complete the transaction through another payment partner, please contact us at payments_optimizer@razorpay.com. We'll assist you with the additional token attributes required by the payment partner to complete the transaction.
