• Hey there! Welcome to TFC! View fewer ads on the website just by signing up on TF Community.

Card Tokenization

Hi,
I was a bit confused with the whole thing regarding card tokenization.
Here it mentions merchants cant store your CVV
Now I did a transaction on the big basket while my Amex cards were tokenized.
In the haste of the moment, I didn't see that I had entered the cvv of Amex card no 1 on the saved card details of Amex card no 2.
when I realized that this has happened was pretty surprised because I did it again just to see that merchants are storing the CVV while tokenization
Now two questions is this the plight on every website or is it a lapse of compliance from Amex/BigBasket?
In this case, i won't be eligible for a chargeback claim because they will claim that the OTP has been validated and if your email isn't secure you will end up beinng liable
 
Hi,
I was a bit confused with the whole thing regarding card tokenization.
Here it mentions merchants cant store your CVV
Now I did a transaction on the big basket while my Amex cards were tokenized.
In the haste of the moment, I didn't see that I had entered the cvv of Amex card no 1 on the saved card details of Amex card no 2.
when I realized that this has happened was pretty surprised because I did it again just to see that merchants are storing the CVV while tokenization
Now two questions is this the plight on every website or is it a lapse of compliance from Amex/BigBasket?
In this case, i won't be eligible for a chargeback claim because they will claim that the OTP has been validated and if your email isn't secure you will end up beinng liable
I can confirm it's same on Flipkart and Amazon at least.
 
Hi,
I was a bit confused with the whole thing regarding card tokenization.
Here it mentions merchants cant store your CVV
Now I did a transaction on the big basket while my Amex cards were tokenized.
In the haste of the moment, I didn't see that I had entered the cvv of Amex card no 1 on the saved card details of Amex card no 2.
when I realized that this has happened was pretty surprised because I did it again just to see that merchants are storing the CVV while tokenization
Now two questions is this the plight on every website or is it a lapse of compliance from Amex/BigBasket?
In this case, i won't be eligible for a chargeback claim because they will claim that the OTP has been validated and if your email isn't secure you will end up beinng liable
@VISHESH_BANSAL @Abhishek012 @Chaitanya-a @pprakash11
 
I suggest you go through this thread. It's not very old but still relevant. I've recently discovered it myself and have limited knowledge about it.

 
Hi,
I was a bit confused with the whole thing regarding card tokenization.
Here it mentions merchants cant store your CVV
Now I did a transaction on the big basket while my Amex cards were tokenized.
In the haste of the moment, I didn't see that I had entered the cvv of Amex card no 1 on the saved card details of Amex card no 2.
when I realized that this has happened was pretty surprised because I did it again just to see that merchants are storing the CVV while tokenization
Now two questions is this the plight on every website or is it a lapse of compliance from Amex/BigBasket?
In this case, i won't be eligible for a chargeback claim because they will claim that the OTP has been validated and if your email isn't secure you will end up beinng liable
Card tokenization means data isn't stored at merchant's end. Just your card's last 4 digits are stored for recognising.

Other sensitive details like cvv are stored at your payment network's server. Not at all illegal. Nothing to worry about as well.
 
Last edited:
While you were tokenizing/saving card with the merchant, you've given correct info and authenticated. Then the merchant doesn't require your cvv again. You can enter any no. you want there. Just have to approve by entering otp.
well this becomes a burden for the consumer.
anybody can hack your email and validate otp and you wont be able to get a chargeback as well
 
Also you can ask your bank to stop sending otp on mail if you're comfortable with it.

Some banks like HDFC already give customers a choice to select where to send the OTP: phone or email. (That's a good thing too, because for certain kinds of transactions they send half the digits of an OTP to the phone, and the rest to the email. So, permanently turning off sending OTPs to the email would create problems).
 
Back
Top