RBI guidelines and Tokenisation: All you need to know

Plural Online by Pine Labs

RED ALERT! Cart abandonment rates in India are as high as 75% in some industries! That’s a HUGE loss for businesses. Why are we talking about this? Read on to know.

Did you know that credit card users spend 21 times more than debit card users? Did you also know that the size of Indian credit card transactions online is twice the size of an offline swipe, on average? The new mandate by the Reserve Bank of India on card tokenisation is crucial for almost every debit & credit card user to take note of. For businesses serving a large number of customers daily, a seemingly “small” policy change, new compliance issued, or a government mandate can have huge repercussions. It could cause disruptions that leave businesses struggling to cope and, thereby a possible impact on revenue or, worse, legal implications for those non-compliant.

What is the Reserve Bank of India (RBI) Mandate on card tokenisation?

To ensure greater security for end customers and lower the risks of cyber-crimes, the Reserve Bank of India (RBI) passed a mandate prohibiting businesses, payment gateways, and payment aggregators from storing customer card details on their servers. The deadline, which was earlier set to 30 June 2022, has now been extended to 30 Sep 2022, giving businesses more time to make the required changes. The RBI has only permitted card networks to store card details while all stakeholders, including businesses, payment gateways, and payment aggregators, must adopt the tokenisation guidelines and have compliant solutions in place by the deadline.

With tokenisation, a customer’s card details would be masked behind a token, facilitating transactions only through the token.

Impact of the RBI Mandate on businesses

Businesses will need to partner with card networks or leverage payment aggregators to have a ‘save card details’ feature for existing and future customers. What’s the link with the ‘save card details’ feature and customer experience, you ask? With this feature, customers can skip the hassle of inputting their credit/debit card details every time they make a purchase, leading to lower drop offs at checkout and greater customer experience.

India has 900 million debit cards and 65 million credit cards used for 15 million daily transactions! As per a joint report by PhonePe and the Boston Consulting Group, India’s digital payment market is expected to more than triple to $10 trillion by 2026. A disruption to such an industry could have mammoth repercussions on businesses, revenue & ultimately, GDP (source).

Digital payments have triggered and sustained economic growth, especially through the trying times of the pandemic… While RBI’s intent is to protect consumer interest, the challenge on ground pertains to implementation,” as per the CII.

While large banks like HDFC & ICICI are equipped to cope with the mandate change, many businesses like yours may not have the expertise, the know-how, or the digital infrastructure to do so. According to CII’s Media and Entertainment Committee, this could lead to 20–50% of revenue losses for businesses that fail to comply by the deadline.

Impact of the RBI Mandate on customers

Not just businesses, an estimated 5 million customers who have stored their card details on e-commerce and online stores could also face difficulties if the online platforms/businesses they frequently visit have not made the changes to their backend.

Imagine that for each purchase customers make, they need to input the card number, name, expiry date, CVV and 2FA. This hassle may cause customers to abandon cart & drop off if the business has not made the changes on the backend.

So, what can you do as a business? Enter Plural…

The Power of Plural’s tokenisation

Plural’s Tokeniser is one of the first solutions that is completely & fully equipped to help businesses make this switchover. Plural’s Tokeniser saves the card details with the card network directly without compromising on speed to access. Tokeniser enhances the authentication and security standards for movement of card data between entities.

What does this mean for you as a business?

Enhanced levels of security to build trust among your customers: With a dynamic cryptogram for every online transaction, you can assure your customers of tighter security. With this process, even if fraudsters were to somehow steal customers’ data from chip transactions, it would be impossible to create counterfeit cards and have fraudulent transactions authorised in a chip or magnetic stripe environment.

Interoperability feature: For businesses that use multiple payment gateways, the interoperability feature will enable them to process tokenised card transactions across any payment gateway and card network of their choice.

Other benefits of Plural Tokeniser:

  • Better approval rates
  • Consistent user experience
  • Outsourcing of security risks for businesses
  • Real-time access, whenever, wherever
  • Complete protection from card-related sensitive breaches

Use cases of Plural Tokeniser

  1. Where Plural Tokeniser is used with another payment aggregator to process payments.

When a consumer initiates purchase on an online transaction with consent to save card, post successful authentication and authorisation, Plural Tokeniser integrates with the respective network to tokenise the card and notifies the token reference to merchant. Payment processing of the tokenised card can be done by any of the merchant specific payment aggregator and merchant will work with Plural Tokeniser to get the token related information like token, cryptogram and expiry.

2. Where Plural Tokeniser is used with Plural as the payment gateway.

When a consumer initiates purchase on an online transaction with consent to save card, post successful authentication and authorisation, Plural Tokeniser integrates with the respective network to tokenise the card and notifies the token reference merchant. Payment processing of the Tokenised card can be done by Plural in conjunction with Plural Tokeniser to get the token related information like token, cryptogram and expiry.

3. Where Plural Tokeniser can be used as a payment gateway with a third-party / external token service.

When a consumer initiates purchase on an online transaction with consent to save card, post successful authentication and authorisation, the external token service integrates with respective network to tokenise the card and notifies the token reference merchant. Payment processing of the tokenised card can be done by Plural and the merchant will work with the external token service to get the token related information like token, cryptogram and expiry.

With the September deadline approaching we’re here to help you gear up for the future. Write to us at pgsupport@pinelabs.com to know more about Plural Tokeniser.

Plural by Pine Labs has received an in-principle authorisation from the Reserve Bank of India (RBI) to operate as a Payment Aggregator.

1

Scroll to Top