Decoding card tokenisation
Card tokenisation is safer as actual credit/ debit card details will not be allowed to be stored by merchants from January 1, 2022, thereby reducing the possibility of data theft and fraud.
By ETtech |
Getty Images
From January 1, 2022, sensitive credit or debit card information such as card number, CVV and expiry date cannot be stored by merchants while processing online transactions. The Reserve Bank of India has directed all sellers in India such as Amazon, Flipkart and Zomato, to delete card information stored earlier to enhance the security of online transactions.
The regulator has allowed card networks like Visa, Mastercard or RuPay to issue tokens on request on behalf of the card-issuing banks or companies. This new system, called card tokenisation, will be safer as actual card details will not be allowed to be stored by the merchants thereby reducing the possibility of data theft and fraud.
But the success of this scheme will depend on the preparedness of the merchants.
What is tokenisation?
It is a process by which card details are replaced by a unique code or token, allowing purchases to go through without exposing sensitive details.
Is this a new concept?
No, it already exists in India. United Payment Interface (UPI) uses the tokenisation concept, making it one of the safest online payment systems.
Who will benefit?
Consumers who use online payments. However, it is not mandatory. Customers, who had earlier allowed merchants to store sensitive details, will have to register their card details afresh, while the card networks will issue tokens against these details. Consumers who do not want their card details to be stored or enter their details for a one-time purchase don’t require to follow this.
Card tokenisation is only for domestic transactions. No fee will be charged.
Will the token system eliminate frauds?
RBI has told merchants to create a ‘token reference number’ against each token. Only these reference numbers are stored by the merchants. Once a fraud is detected, the same token cannot be used again. Users will have to request for a new token.
Who will issue the tokens?
Credit and debit card networks — Visa, Mastercard or RuPay — will issue tokens and will inform card-issuing banks. Some banks may ask card networks to take approval before issuing tokens.
Will there be one token for all merchants?
No. Tokens will be unique for a combination of card and merchant. If a consumer has a single card but makes online purchases from three different merchants, three different tokens to be issued. That means tokens will be merchant specific.
Can a card issuer refuse permission for tokens against a particular card?
Yes, they can refuse based on the risk perception of customers
No need to remember token info
Tokens will also be 16-digit numbers like in case of credit or debit cards, but consumers do not have to remember these. In fact, they won’t even get to know their token details. Banks will create a portal for card holders. Card holders can also delete tokens.
When not available...
Customers will have to enter card details every time they shop.
The challenges
Not many users are aware of it. There are also apprehensions that this may reduce online card payments volume and may give a fillip to wallet payments.
The regulator has allowed card networks like Visa, Mastercard or RuPay to issue tokens on request on behalf of the card-issuing banks or companies. This new system, called card tokenisation, will be safer as actual card details will not be allowed to be stored by the merchants thereby reducing the possibility of data theft and fraud.
But the success of this scheme will depend on the preparedness of the merchants.
What is tokenisation?
It is a process by which card details are replaced by a unique code or token, allowing purchases to go through without exposing sensitive details.
Is this a new concept?
ADVERTISEMENT
No, it already exists in India. United Payment Interface (UPI) uses the tokenisation concept, making it one of the safest online payment systems.
Who will benefit?
Consumers who use online payments. However, it is not mandatory. Customers, who had earlier allowed merchants to store sensitive details, will have to register their card details afresh, while the card networks will issue tokens against these details. Consumers who do not want their card details to be stored or enter their details for a one-time purchase don’t require to follow this.
Card tokenisation is only for domestic transactions. No fee will be charged.
ADVERTISEMENT
Will the token system eliminate frauds?
RBI has told merchants to create a ‘token reference number’ against each token. Only these reference numbers are stored by the merchants. Once a fraud is detected, the same token cannot be used again. Users will have to request for a new token.
ADVERTISEMENT
Who will issue the tokens?
Credit and debit card networks — Visa, Mastercard or RuPay — will issue tokens and will inform card-issuing banks. Some banks may ask card networks to take approval before issuing tokens.
Will there be one token for all merchants?
No. Tokens will be unique for a combination of card and merchant. If a consumer has a single card but makes online purchases from three different merchants, three different tokens to be issued. That means tokens will be merchant specific.
Can a card issuer refuse permission for tokens against a particular card?
Yes, they can refuse based on the risk perception of customers
No need to remember token info
Tokens will also be 16-digit numbers like in case of credit or debit cards, but consumers do not have to remember these. In fact, they won’t even get to know their token details. Banks will create a portal for card holders. Card holders can also delete tokens.
When not available...
Customers will have to enter card details every time they shop.
The challenges
Not many users are aware of it. There are also apprehensions that this may reduce online card payments volume and may give a fillip to wallet payments.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
Related Articles
RBI introduces card tokenisation facility at bank levelADVERTISEMENT
