Card token payment process

01
Customer

Customer initates a purchase on a website/app via the Saved Card feature

02
Plural Tokeniser

Encrypts the sensitive card details into a ‘Token’ that is mapped to a business and the actual saved card network.

03
Business

Collects the token and Token authentication verification value (TAVV) from the Token Requestor as per customer's request for authorisation

04
Acquiring bank

Processes token to the card network

05
Card network

Converts token to PAN and passes it to the issuing bank

06
Issuing bank

Authorises the request and sends a response to the card network

RBI - compliant card tokenisation solution for zero business disruptions

As per RBI guidelines, businesses and payment aggregators are prohibited from storing customer card details. Plural's card tokenisation solution replaces sensitive customer data with a token, making businesses 100% RBI compliant.

Saved cards feature for faster
customer checkout

Offer repeat customers the option to save card details for faster checkout and seamless customer experience.

Our Library


Plural Tokeniser Demystified: Everything you need to Know about tokenisation!

RBI recently published a mandate that Merchants, Payment Gateways(PGs) and Payment Aggregators(PAs)

Read more

RBI guidelines and Tokenisation: All you need to know

RED ALERT! Cart abandonment rates in India are as high as 75% in some industries! That’s a HUGE loss for..

Read more

Payment gateway security: 7 ways to secure your payments

A report by Business Standard stated that, on average, 100 million online transactions are conducted

Read more

Frequently asked questions

What is the RBI guideline regarding card tokenisation?

What is tokenisation?

How does card tokenisation work?

Who can save cards as per RBI guideline?

Is customer consent required for saving cards?

What is the RBI guideline regarding card tokenisation?

To ensure greater security for end customers and lower the risks of cyber-crimes, the Reserve Bank of India (RBI) passed a mandate prohibiting businesses, payment gateways, and payment aggregators from storing customer card details on their servers.

What is tokenisation?

Tokenisation is the process where the 16-digit card number is replaced with a random proxy value called a token. The relationship between the token number and the original card number is stored in a vault owned by either the card network or the issuing bank.

How does card tokenisation work?

With tokenisation, a customer’s card details are masked behind a token, facilitating transactions only through the token. These tokens are managed between the token requestor and the network. Tokeniser allows customers to store their card details securely for quick checkout.

Who can save cards as per RBI guideline?

The RBI has only permitted card networks to store card details while all stakeholders including businesses, payment gateways, and payment aggregators must adopt the tokenisation guidelines and have a compliant solution in place.

Is customer consent required for saving cards?

Yes, customer consent and additional authentication (AFA) is required for saving a card / creating a token.

Scroll to Top