Tokenisation for Optimizer

Know how to save customer card details as tokens with multiple payment partners using Optimizer.

Tokenisation is the process by which the original card number / Primary Account Number (PAN) is replaced with a surrogate value called a token.

For example, you can securely save a customer's card details during the first transaction as a token. The customer does not need to re-enter the card details for the next transaction. They can provide the OTP and use their saved card to complete the transaction.

The advantages of using tokens are:

  • Faster checkout experience for the customers.
  • Reduction in payment failures due to incorrect card details.

According to the recent

, Payment Aggregators (PA)/ Payment Gateway (PG) and businesses cannot save their customers' card numbers and other card data on their servers.

Given below are some of the key takeaways from the guidelines:

  • Card networks and card issuers are the only parties that can now save plain text cards. Businesses, Payment Gateways and Payment Aggregators are no longer allowed to store actual customer card details.
  • To continue offering customers a 'saved card experience', businesses should adopt a tokenisation solution.
  • The token will not be visible to the cardholder. It will be managed between the Token Requestor and Network.
  • Customer consent and additional factor of authentication (AFA) is required for saving a card / creating a token. This can be clubbed with the same 2FA used during the first transaction.

Without tokenisation, your customers can not avail 'saved card experience' at checkout. Optimizer offers an end-to-end RBI-compliant solution that allows you to save customer credentials as tokens with card networks and issuing banks and process payments through any PA/PG. Customers can then use these tokens to make repeat purchases on your website without re-entering card details and you can process these payments through any PA/PG as per your business requirements.

Watch Out!

If you are using the saved card feature, you must redirect cards traffic to the supported gateways only. Know more about


Onboarding as Token Requestor

In this integration, you can choose to be a Token Requestor(TR) or work with Razorpay as the Token Requestor.

Data Localisation Guidelines

This integration complies with data localisation guidelines.

Tokenised payment processing on Optimizer occurs in two scenarios:

  1. When .
  2. When .

You can use Optimizer with Razorpay as Token Requestor and process payments on Razorpay and external gateways. Given below is the Optimizer Tokenisation flow when Razorpay is the Token Requestor.

Tokenisation flow first time

Given below is the first-time payment tokenisation flow:

  1. The customer initiates a payment.
  2. The customer consents to save a card on your website/app checkout.
  3. After completing the transaction successfully through Optimizer, we initiate the tokenisation request at checkout.
  4. The Card Network or issuing bank returns a unique token corresponding to the tokenisation request to the merchant through Razorpay.

Saved card payment Tokenisation flow

Given below is the saved card payment tokenisation flow:

  1. The customer initiates a payment using a saved card.
  2. We retrieve the token data from the token service provider automatically.
  3. Using the token data, Optimizer will process the payment through any of the selected payment gateways.
  4. The payment is initiated and processed using token data.

If the token is requested by the merchant or any other external gateway, the payment can be processed via Razorpay or external gateways.

External Tokenisation flow first time

Given below is the tokenisation flow when the merchant or external PA/PG is the Token Requestor:

  1. The customer initiates a payment using a saved card.
  2. The merchant retrieves the token data and passes it on to Optimizer.
  3. Optimizer passes the token data to the selected gateway.
  4. The payment is initiated and processed using the token data.

Watch Out!

If a merchant requests a token from a payment partner other than Razorpay and attempts to complete the transaction through another payment partner, please contact us at We'll assist you with the additional token attributes required by the payment partner to complete the transaction.

Was this page helpful?