Mastercard enables CVC-less Payments for tokenized cards in India

August 3, 2023 | Mumbai, India

Introduces a frictionless payment experience with enhanced security on credit and debit cards.

Mastercard today announced the introduction of Cardholder Verification Code (CVC)-less online transactions for its debit and credit cardholders who have tokenized their cards on merchant platforms. The move aims to reduce the checkout time and make virtual transactions hassle-free and more secure.

CVC is the three-digit number printed on the back of debit and credit cards. According to the Reserve Bank of India’s tokenization guidelines, merchants who adopt tokenized payments will collect CVC only once, which is while tokenizing the card. From the second transaction onwards, cardholders will be required to select their tokenized card from the checkout page, confirm the one-time password (OTP) and complete the transaction without keying in CVC.

Several e-commerce players like Cashfree Payments and Zomato have already adopted CVC-less payments. By eliminating the need for CVC, merchants can expect benefits like higher authorization rates, reduced checkout abandonment, and enhanced customer payment experience.

“We are excited to introduce CVC-free payments, which reduce friction for cardholders, aligning their payment experience with other popular modes like UPI Intent. At Cashfree Payments, our vision is to consistently innovate and create solutions that make digital payments faster, safer, and more convenient,” said Akash Sinha, CEO and co-founder, Cashfree Payments.

 “CVC-less payments have indeed enabled quicker completion of transactions and enhanced convenience for our customers, without compromising on the security of payments,” said Akshant Goyal, CFO, Zomato.

Mastercard’s token-based transactions leverage three key factors that ensure a high degree of safety and security. These include:

  • Enhanced Security Features: Token-based transactions are inherently more secure as they involve a token expiry and a dynamic cryptogram, ensuring additional protection against fraud.
  • Authenticated User Identity Check: Payments made using an OTP or Additional Factor Authentication (AFA) ensure that only authorized users can complete the transactions.
  • Domain Control: Transactions based on tokens are domain-controlled as only the token requestor can seek a cryptogram, ensuring a secure and controlled transaction environment.

Mastercard is committed to delivering innovative and secure payment solutions that protect both merchants and consumers. Besides enhanced data security, CVC-less payments on tokenized cards come with benefits that make the online domestic card payment experience smoother and safer,” said Anubhav Gupta, senior vice president, South Asia, Mastercard.

It’s noteworthy that the issuing bank performs account identification and verification during token provisioning, adding an extra level of safety to the transaction process. With the launch of CVC-less payments, Mastercard has reiterated its commitment to providing a safe and seamless payment experience for Indian merchants and cardholders.  

Media Contacts

Tarun Nagrani, Mastercard

Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.