Mastercard Enables CVC-Less Payments for Tokenized Cards in India

Mastercard announced the introduction of Cardholder Verification Code (CVC)-less online transactions for its debit and credit cardholders who have tokenized their cards on merchant platforms. The move aims to reduce the checkout time and make virtual transactions hassle-free and more secure.

CVC is the three-digit number printed on the back of debit and credit cards. According to the Reserve Bank of India’s tokenization guidelines, merchants who adopt tokenized payments will collect CVC only once, which is while tokenizing the card. From the second transaction onwards, cardholders will be required to select their tokenized card from the checkout page, confirm the one-time password (OTP) and complete the transaction without keying in CVC.

Several e-commerce players like Cashfree Payments and Zomato have already adopted CVC-less payments. By eliminating the need for CVC, merchants can expect benefits like higher authorization rates, reduced checkout abandonment, and enhanced customer payment experience.

“We are excited to introduce CVC-free payments, which reduce friction for cardholders, aligning their payment experience with other popular modes like UPI Intent. At Cashfree Payments, our vision is to consistently innovate and create solutions that make digital payments faster, safer, and more convenient,” said Akash Sinha, CEO and Co-Founder, Cashfree Payments.

“CVC-less payments have indeed enabled quicker completion of transactions and enhanced convenience for our customers, without compromising on the security of payments,” said Akshant Goyal, CFO, Zomato.

Mastercard’s token-based transactions leverage three key factors that ensure a high degree of safety and security. These include:

• Enhanced Security Features: Token-based transactions are inherently more secure as they involve a token expiry and a dynamic cryptogram, ensuring additional protection against fraud.
• Authenticated User Identity Check: Payments made using an OTP or Additional Factor Authentication (AFA) ensure that only authorized users can complete the transactions.
• Domain Control: Transactions based on tokens are domain-controlled as only the token requestor can seek a cryptogram, ensuring a secure and controlled transaction environment.

“Mastercard is committed to delivering innovative and secure payment solutions that protect both merchants and consumers. Besides enhanced data security, CVC-less payments on tokenized cards come with benefits that make the online domestic card payment experience smoother and safer,” said Anubhav Gupta, Senior Vice President, South Asia, Mastercard.

It’s noteworthy that the issuing bank performs account identification and verification during token provisioning, adding an extra level of safety to the transaction process. With the launch of CVC-less payments, Mastercard has reiterated its commitment to providing a safe and seamless payment experience for Indian merchants and cardholders.

Source: Mastercard