PayU –a leading online payment service provider, had made the announcement of launching its own tokenization solution –referred to as ‘PayU Token Hub.’ The given tokenization solution will be aimed at helping businesses to comply with the latest guidelines of RBI (Reserve Bank of India) with respect to online card data-centric storage. At the same time, the solution will also be helping issuing banks to generate the respective tokens effectively.
The solution has been designed by Wibmo and PayU. Wibmo is a full stack global-level PayTech company owned by PayU. Moreover, the service has also been designed with the help of partnerships with major card networks including MasterCard and Visa and famous issuing banks. The solution is committed to offering both issuer tokens and network tokens under a single hub.
Manas Mishra –Chief Product Officer at PayU India explains that the company welcomes the all-new guidelines by RBI. This is because the guidelines are helpful in empowering the customers while ensuring safer transactions. PayU is known to have the most innovative as well as robust solution with respect to managing easy compliance with the given set of guidelines for all players in the given ecosystem.
An Insight into PayU Token Hub
PayU Token Hub serves to be fully interoperable. It helps in offering access to the best-available networks as well as issuer tokens for user cases related to card-on-file that can be extended to device-tap-and-pay functionality. It will deliver the assurance that famous payments use cases like subscriptions, EMIs, and instant refunds. Moreover, they also help with providing engines relying on card numbers to ensure seamless transactions.
Powered with the help of Wibmo, PayU Token Hub has been developed to serve as the interoperable plug-and-pay solution. It helps in enabling card-on-file along with device tokenization with the help of just one integration point. The characteristic two-pronged service is made available for all merchants. It even includes the 3.5 lakh merchants of PayU along with 65 issuers that are supported by Wibmo.
Businesses can look forward to easily enabling PayU Token Hub with minimal technical modifications while continuing to provide the best-available payment experiences to the customers. Moreover, businesses can also ensure that the payments remain compliant with the latest guidelines.
PayU Token Hub and Wibmo
Wibmo is known to power some of the large issuer ecosystem of more than 65 banks across the country for the respective payment security and authentication services. In the given scenario, PayU Token Hub will be helping the issuers in supporting the latest tokenization guidelines in a quick and seamless fashion for complying with the latest RBI mandate. It will also help in supporting the RBI vision of the protection of the consumers’ interests. It is difficult to come across any other player in the market having such a robust combination of issuer and network tokens.
RBI has mandated that only networks and banks will be given allowance to store customer-centric card data. It is to be in effect from 1st January 2022. This implies that businesses will no longer be able to store information related to customer cards. Storage of credit card details remains at the core of the payment experiences of the consumers. As customers are not expected to enter card detail every time they shop online, it only speeds up the online shopping process. However, now, online growth of businesses might get hampered.
While the ongoing guidelines are with respect to card data storage, PayU Token Hub aims at expanding soon enough to allow customers to safely store as well as create tokens through different payment modes including Net Banking, contactless device-based payments, and UPI.
Importance of Tokenization for Merchants and Retailers
As the digital payment ecosystem in India continues advancing in different forms of technologies –from cards to mobile banking, internet services, wallets, POS (Point of Sale), and UPIs, the concept of tokenization is becoming increasingly popular in recent times.
For the beginners, tokenization can be regarded as the replacement of traditional card details of the customers with some alternate code –referred to as a token. The token remains unique to every card. The token requestor (the entity like the merchant who is accepting customer requests for tokenization while sharing the same with the concerned card networks like Visa, MasterCard, and so more) to issue the given token.
Card networks feature customers and banks on the issuing end. Moreover, banks & payment gateways or even aggregators remain on the acquiring end. Acquiring end is known to function with retailers and merchants. In case the bank or payment gateway on the acquiring end wish to process a transaction, they will send it back to the card network. The network will then check with the bank on the issuing end for the availability of credit in the account of the customer for debiting the same. The amount is then transferred to the acquiring end. The given end-to-end transaction will only take around less than a second to implement.
In the given scenario, tokenization request is initiated by the owner of the card. The network will be then issuing the token after receiving consent from the card issuer or the bank. The RBI (Reserve Bank of India) had earlier put restrictions on tokenization to tablets and mobile phones. However, the same restrictions have been expanded to desktops, laptops, wearable IoT (Internet of Things) devices, and so more.
In September, the Reserve Bank of India had extended the overall scope of tokenization from the concept of device-based to the card credentials of the customers. It is referred to as the CoF or Card-on-File tokenization service. The central bank had also given allowance to banks or credit card issuers to provide tokenization services with proper customer consent along with AFA or Additional Factor of Authentication. Earlier, only specific card networks were given allowance.
The main reason for the given two modifications as cited by the Reserve Bank of India was the overall risk to the security of card-centric data.