Neeraj Singh

Card networks aim to enhance domestic card-not-present (CNP) (ecomm) tokenized transactions by making them faster, safer, and more secure. With tokenization, merchants processing transactions on credit cards no longer need to collect CVV for domestic online transactions initiated with tokenized credentials. CVV is only required during initial token provisioning. Once it is Tokenized, the Token along with the Cryptogram serves the purpose. 1/ Tokenized transactions use two factor authentication and encrypted tokens, replacing actual card details. 2/ They are secured with a Token Authentication Verification Value (TAVV) cryptogram for cardholder initiated payments. 3/ Since card networks (e.g., Visa, MasterCard, RuPay) do not transmit CVV to the issuing bank, it cannot be verified, and transactions proceed even if an incorrect CVV is entered. 4/ This approach reduces user friction and increases convenience, as CVV verification is deemed unnecessary for tokenized cards, given the enhanced...

Problem Statement: As a customer, whenever you saved your card in the early days, merchants used to save this data in an encrypted format and use it whenever you visited the merchant website again. But in the past, there have been many instances of data theft. Solution: RBI proposed a solution to tokenize card details so that the original card information cannot be used. RBI mandated that no one apart from the issuer and card network can store the data. Not only this, they also required all existing card details to be deleted. Who can Create the Token: It is formally referred to as the TSP (Token Service Provider). A TSP can either be the card network (Visa, Mastercard, Amex, Diners, etc.) or the issuer. The most commonly used TSP currently is the card network. Storing of the Card Details (Original PAN): Apart from the card network and the issuer, no one in the payment chain is allowed to store the original card number (PAN). Token Provisioning: You visited Amazon.in (the merchant webs...

   On July 28, 2022, the RBI issued a notification under Payment and Settlement Systems regarding restrictions on the storage of actual card data: “ No entity in the card transaction/payment chain, other than the card issuers and/or card networks, shall store CoF (Card on File) data, and any such data stored previously shall be purged. ” Let us try to understand the basic flow of this awesome security feature in the simplest form ever.  When making a payment using your credit card on a merchant website, you may have noticed an option to save your card information. By selecting this option, you are giving the merchant consent to tokenize your actual card number and store it. This allows you to avoid entering your full card number again for future transactions. But what if you do not want your card information stored, even if it is tokenized? In that case, you will need to enter your card details each time you make a purchase. This is known as acting as a "guest," hence the...

The way we speak in a certain language to make our life easier by communicating with each other, payments also have various languages. For Card Payment it is ISO8583. This language keeps the Card Payment world connected with each other. Let us try to understand the basic structure of this beautiful language in the simplest form ever.  Imagine an ISO8583 message as a structured sentence where different parts tell a story about a transaction. Each message is made up of 1/  MTI (Message Type Indicator) - Like a title it tells you what type of message it is (e.g. a payment request) 2/  Bitmap - A map that shows which parts of the message are included 3/  Data Elements - The actual details of the transaction like the card number, amount and date etc Detailed Explanation 1/ Reading the MTI (Message Type Indicator) The MTI is a 4 digit code that specifies the type of message. For example, 0200 indicates a financial transaction request (authorization) 1.1/ Br...

  While making an online payment, have you ever seen any of the above logo on the OTP page, depending on the card network you use? Visa - Verified by Visa Mastercard - Mastercard SecureCode American Express (Amex) - Safekey Discover and Diners Club International (DCI) - ProtectBuy Have you ever wondered what these mean? All of them are the proprietary names given by their own networks. Basically they are the 3D Secure protocol.😀 Let us decode them today in this article in the simplest form possible (only functional). I will explain the step-by-step transaction flow of eCommerce / Card Not Present (CNP) / Online transactions. When you see any of the above logo on the web page where you are making a payment, it means that your transaction is protected by the 3D Secure protocol. This security protocol adds an additional layer of authentication for online transactions to reduce fraud. If a transaction has happened on 3D Secure protocol, then in case of Chargeback, liability is shifte...

Data Element 55 (DE55) typically contains various components that provide specific information about a financial transaction, especially in the context of credit card processing.  Today we will learn one of the important components of DE55. The Cryptogram (Tag 9f27) The Cryptogram (Tag 9F27) plays a crucial role in the security of card transactions, particularly in EMV (Europay, Mastercard, Visa) chip card transactions. Here's an explanation of its role in the card transaction lifecycle: 1. Creation of Cryptogram :- The Cryptogram is generated by the chip on the EMV payment card during the transaction process. - It's created based on various data elements, including transaction details, card data, and a secret cryptographic key stored on the chip.  2. Purpose of Cryptogram :- The primary purpose of the Cryptogram is to ensure the authenticity of the card and the integrity of the transaction data. - It helps prevent fraud by providing a unique code for each transaction, making ...

  Image Courtesy:https://paytechlaw.com/ Recap, from the previous article: Use Case #1. Neeraj used his AXIS Bank Credit Card at Big Bazar for INR 100. The Transaction gets authorized and Neeraj received the Product or Service. #2. Issuer deducts the INR 100 from the credit limit, subtracts INR 2 as Interchange Fee and transfer the INR 98 to the Mastercard. From this INR 2, some part goes to the Mastercard, and some are retained by the Issuing Bank as per agreement. #3. Mastercard transfers this INR 98 to the Big Bazar’s Bank i.e., HDFC Bank. #4. The HDFC Bank deduct the MDR of INR 0.50 and transfers the INR 97.50 to the Merchant’s Bank Account.  What will happen if Neeraj claims that he has not received the Product or Service for which he has paid INR 100 to the Big Bazar. We will see this in the next article of Chargeback Lifecycle. -------------------------------------------------------------------------------------------------------------------------...

  Image Courtesy:https://paytechlaw.com/ In my previous article, I have explained Step 1 i.e., Authorization. In this article, I am going to explain Step 2 – Batching, Step 3 – Clearing, Step 4 – Settlement. The Authorization process does not complete the transaction. After Authorization, the Merchant must request formally its Bank ( Acquiring Bank, the Bank that has provided the POS Machine to the Merchant ) to cover the fund for the sale. Now let us understand the further process. Step 2: Batching – In general words, the shopkeeper asks his bank that the POS Machine provided by you has x number of Authorized transaction and now you fund me for those. #1. The merchant stores all the day’s authorized sales in a batch. #2. The merchant sends this batch to the Acquirer to receive payments. The batch can be sent many times as per the agreement between Merchant and Acquiring Bank. Generally, it takes place at the end of Business Day.  Step 3: Clearing #1. The Acquirer B...

  Image Courtesy:https://paytechlaw.com/ Card Payments is a very vast domain and covering it through a blog becomes more challenging. This blog aims to give a high-level understanding of Card Payments in the most structured and organized way. Today world is moving at a great pace and hence stress would be laid in bestowing benefits to almost all groups influenced by Card Payments under professional and domestic growth. The topic will focus gradually on exploring the functionality and the mechanism behind this one of the most used methods of the payment system.   Participants Acquirer An Acquirer is a financial institution that processes transactions on behalf of a merchant. It holds the merchant's bank account and facilitates the acceptance of payment cards. Merchant A merchant refers to a business, either physical (Card Present) or online (Card Not Present), where a customer makes a purchase using a card issued by a financial institution (Issuer). The Point of Sale (POS) term...