Posts

Showing posts from November, 2024

Card on File Tokenization (CoFT)

Problem Statement: As a customer, whenever you saved your card in the early days, merchants used to save this data in an encrypted format and use it whenever you visited the merchant website again. But in the past, there have been many instances of data theft.

Solution: RBI proposed a solution to tokenize card details so that the original card information cannot be used. RBI mandated that no one apart from the issuer and card network can store the data. Not only this, they also required all existing card details to be deleted.

Who can Create the Token: It is formally referred to as the TSP (Token Service Provider). A TSP can either be the card network (Visa, Mastercard, Amex, Diners, etc.) or the issuer. The most commonly used TSP currently is the card network.

Storing of the Card Details (Original PAN): Apart from the card network and the issuer, no one in the payment chain is allowed to store the original card number (PAN).

Token Provisioning: You visited Amazon.in (the merchant webs...

Guest Checkout Solution - Alt ID

On July 28, 2022, the RBI issued a notification under Payment and Settlement Systems regarding restrictions on the storage of actual card data: “No entity in the card transaction/payment chain, other than the card issuers and/or card networks, shall store CoF (Card on File) data, and any such data stored previously shall be purged.” Let us try to understand the basic flow of this awesome security feature in the simplest form ever.

When making a payment using your credit card on a merchant website, you may have noticed an option to save your card information. By selecting this option, you are giving the merchant consent to tokenize your actual card number and store it. This allows you to avoid entering your full card number again for future transactions. But what if you do not want your card information stored, even if it is tokenized? In that case, you will need to enter your card details each time you make a purchase. This is known as acting as a "guest," hence the...

Decoding Basic Structure of ISO8583 (MTI, Bitmap and Data Elements)

Just as we speak a language to communicate with each other and make our lives easier, payments also have various languages. For card payments, it is ISO8583. This language keeps the card payment world connected. Let us try to understand the basic structure of this beautiful language in the simplest form ever.

Imagine an ISO8583 message as a structured sentence where different parts tell a story about a transaction. Each message is made up of:

1/ MTI (Message Type Indicator) - Like a title, it tells you what type of message it is (e.g. a payment request)

2/ Bitmap - A map that shows which parts of the message are included

3/ Data Elements - The actual details of the transaction, like the card number, amount, date, etc.

Detailed Explanation

1/ Reading the MTI (Message Type Indicator)

The MTI is a 4-digit code that specifies the type of message. For example, 0200 indicates a financial transaction request (authorization)

1.1/ Br...

3D Secure (Online / Card Not Present / eComm) Transaction Flow

While making an online payment, have you ever seen any of the above logos on the OTP page, depending on the card network you use?

Visa - Verified by Visa

Mastercard - Mastercard SecureCode

American Express (Amex) - Safekey

Discover and Diners Club International (DCI) - ProtectBuy

Have you ever wondered what these mean? All of them are the proprietary names given by their own networks. Basically they are the 3D Secure protocol.😀 Let us decode them today in this article in the simplest form possible (only functional). I will explain the step-by-step transaction flow of eCommerce / Card Not Present (CNP) / Online transactions.

When you see any of the above logos on the web page where you are making a payment, it means that your transaction is protected by the 3D Secure protocol. This security protocol adds an additional layer of authentication for online transactions to reduce fraud. If a transaction has happened on 3D Secure protocol, then in case of Chargeback, liability is shifte...