Tokenization - Express checkout card vault merchants

This guide is scoped to merchants who uses Juspay express checkout and card vault

RBI mandate on card storage

RBI guideline has mandated that from Jan 2022 the only way to store cards is via Tokenization.
Juspay's tokenization platform is integrated with the Major Networks - VISA, MasterCard & Rupay, and is ready to transition you to token based transactions.

Through the document, we will go over the user flows impacted by the guideline and the changes that merchants need to do in order to get tokenization enabled.

Below are the key mandates by RBI on Tokenization:

  • Token should be unique to Customer, Card, Token Requestor and Merchant
  • Explicit Consent and AFA is mandatory before Token generation
  • Only last 4 digits of a card & issuer name can be stored by Merchants, PA/PGs
  • Merchant must give cardholder an option to de-register

Tokenization solution: How and Why

Tokenization is the process by which the Card Number is replaced with a surrogate value called Token. This token is scoped to a Merchant, Customer & Token Requestor ensuring a more secure payment experience. Every entity to the left of Network will transact using a token and the entities to the right will have card details. Each token is also unique to the Network provider.


Tokenization flow