The idea behind e-commerce AKA online shopping is convenience! It’s for people, like me, who don’t want to crawl in traffic, look for parking (and walk around looking for parking meters!), go to a shop where the sales rep has no clue and waste few hours until they process my order. Who has time for that? Time is money! The smart choice to buy is online, do your own research, compare online and have it delivered!
One of the biggest issues slowing down e-commerce in Sri Lanka is the payment systems, the card payment system we use is still ‘90s tech. You go to Takas.lk and hit few buttons and get taken to a some banks’ (non-mobile friendly) page, try to remember where you left your card, find it, enter it. If you’re lucky you it goes through, if not you have to do this all over again. If your using a mobile it’s tough as almost all payment pages are not responsive. The next time you have to buy something, you have to go through the same process over and over again. That’s not convenient. The whole value proposition of e-commerce is to order something as fast as we can and save time!
But why is it so easy on places like Amazon or eBay? Because they let you save your card details. You enter your card number once and next time you come in it’s just few clicks – it’s doesn’t matter if your in the loo with your phone (don’t say you don’t do it, we all take our phones there) and buying stuff. Well, at least that’s how I shop.
Finally after years of fighting, nagging & arguing with regulators we finally made it happen by partnering with Commercial Bank and Mastercard’s MPGS (Mastercard Payment Gateway Services). ComBank & Mastercard are not new to Takas.lk, we have been using their older MIGS payment gateway called MIGS (Mastercard Internet Gateway Service) for a few years.
Before we jump in and ask everyone to save their cards, we need to talk about security. We need to make sure that card information is safe and who’s safer than the people who issue credit cards? That’s ComBank and Mastercard. When you save a card on Takas it gets saved in a PCI-DSS (Payment Card Industry Data Security Standard) certified system within Mastercard and ComBank! Takas doesn’t see it, we don’t touch it. Takas is only given a ‘token’ which we can use to refer to the card stored in the ‘token vault’. So risk for the customer is basically non-existent. This layer of security is in addition to the legal safety measures provided by card issuers like Mastercard & Visa that hold merchants accountable for transactions, which makes card payments a lot more secure than card or bank transfers.
Using ‘tokens’ to save cards at Takas is a process called ‘tokenization’. It’s a way to securely store and share data on transactions. How this works is fairly simple but highly secure as anyone who provides tokenization needs to be PCI-DSS compliant. The card you enter at Takas is actually been entered in your computer, once you hit save this information goes directly from your browser/computer to Mastercard’s payment gateway servers and saves it there. It always follows 3DS (two factor authentication) security standards. Once the card is saved and the payment is a success the information is shared with ComBank (our payment acquirer) and then Takas is issued a unique ID for that credit card known as the token. This token can only be used by Takas via ComBank and nowhere else. Even if someone steals the token they can’t take money off that credit card. Takas encrypts and stores this data in using AES256, (Advanced Encryption Standard) one of the most secure data encryption algorithms.
The next time the customer orders from Takas, they see the saved card (1st six digits and last 2 digits) and your bank name) and no card information needed to be filled. Takas sends the token to Mastercard with with the transaction data to process the payment. Customers can delete their card at any time by logging in to their customer account.
So to sum up:
Q: Does Takas get my credit card information?
A: No, Takas does not get customers card information. Takas only sees the 1st 6 digits and last 2 digits, your bank name and expiry date.
Q: Who keep my card information ?
A: Card information is stored by ComBank and Mastercard in their PCI-DSS compliant token vault.
Q: Can someone use the token stored at Takas and use my card?
A: No, only Takas is allowed to use the token and no one else can use it, even if they have it.
Q: Can i delete my card ?
A: You can delete your saved cards at anytime by logging in to your account.