Integration Guide

What is Tokenization?

Suggest Edits

Tokenization protects sensitive data by creating an identifierΒ thatΒ maps back to the sensitive data but does not haveΒ anyΒ intrinsic value.Β 

RBI Guidelines

According to the RBI circular, you must be using tokenization to save card details on your website starting 1st January 2022. For more information, refer to the Tokenisation – Card Transactions: Permitting Card-on-File Tokenisation (CoFT) Services circular.

In a card context, it replaces the actual card number with a dummy reference ID.

PayU’s interpretation of RBI guidelines

  • Only Issuers & PaymentΒ Networks are allowed to storeΒ customer card data. ​
  • Limited data can be storedΒ by non-paymentΒ entitiesΒ (Bank Name,Β  LastΒ 4 digits of card)​
  • Every token to be storedΒ withΒ customer consent (AFA)​
  • Customers should be able toΒ manage their details onΒ business and Issuing bankΒ platforms​
  • Every token is unique to a user, card, and the merchant
  • Existing data migration is notΒ possible

Who can Tokenize Cards?

As per the currentΒ RBI guidelines,Β tokensΒ canΒ be createdΒ with either the networksΒ or the issuing bank.Β 

For example, Mr.Β John Doe has anΒ HDFC VISA Signature credit card. This card can be tokenizedΒ by VISA (VTS or Visa Token Service) or by HDFC through its proprietary token service.Β Β 

PayU is working with bothΒ theΒ networksΒ and issuers to be able to provide tokenization to its merchants.Β 

PayUΒ Solution

PayUΒ will provide both network tokens and issuer tokens for its merchantsΒ along withΒ other suites of products to maintain and manage theΒ vaultΒ services:

  • Network Tokens: Network tokens are virtual payment cards created by the payment schemes (VISA,Β Mastercard), and they replace the original card in the digital space. This allows for several network tokens to be created per card, and they function in the same way as the original card when storing and transacting with them.Β 
  • Issuer Tokens: Issuer tokens are virtual payment cards created by the card-issuing bank, and they replace the original card in the digital space. However,Β these tokens are not understood by the network schemes

Updated 6 months ago