Tokenization – An Initiative By RBI

Blog Credit : Trupti Thakur

Image Courtesy : Google

Tokenization – An Initiative By RBI

Tokenisation is the process of replacing actual credit and debit card information with an alternate code called ‘token’. A tokenized card transaction is considered safer as the actual card details are not shared during the transaction..This token is unique for a combination of card, token requestor and device. This has been started by RBI to prevent data theft.

Advantages:

• Enhancing the security and building trust among customers.
• Makes it less vulnerable to cyber attacks.
• The safety of card data reduces the frauds related to payments.
• The token is unreadable by anyone except the payment processor, ensuring external and internal protection.

Challenges:

• The centralised card vault, where all the original cardholder data is stored before being tokenized, can be an attractive target for cyber attacks.
• Issues related to infrastructure.
• Cost of transaction fee may increase.
• The speed of transactions may reduce because of additional process of tokenization and de-tokenization during the transaction.

Way forward:

RBI’s tokenisation initiative is a right step towards enhancing data security and safeguarding sensitive information of customers.

Tokenisation – an overview

When you make an online payment using a Debit Card or Credit Card, the merchant initiates the transaction by transmitting the transaction details along with full card details to your card-issuer (Bank or Credit Card company). After confirming your card details, the card-issuer approves the payment, and deducts the payment from your account. However, in the case of tokenisation, the merchant initiates the transaction without knowing your full card details. Instead, a unique token linked to your card is transmitted to your card-issuer; the card issuer checks if the token number matches your card details and approves the transaction.

If you are a frequent online shopper, you may tend to save your card details for quick payments. As per the latest Reserve Bank of India (RBI) guidelines, without tokenisation, merchants can no longer store your Debit Card or Credit Card details on their apps, platforms, or websites. That means you have to re-enter your card details every time you shop online if you have not completed the tokenisation process. Tokenisation is a security measure you can opt for, which replaces your card details with a unique token number. Here, you can get all the information regarding the RBI tokenisation guidelines.

RBI guidelines on tokenisation

As per the RBI notification, with effect from September 30 2022, merchants cannot store customers’ card information. As such, only card-issuers can store the card details. The guidelines are as follows:

• Cardholders must complete an Additional Factor of Authentication (AFA) like OTP even though the transactions are tokenised.
• Card issuers are to provide the tokenisation facility free of charge.
• You can tokenise your card via authorised card networks, Bank or Credit Card company only.
• Your card data remains with your card issuer only. Merchants cannot access your complete card details.
• Merchants can only view the last four digits of your card along with your name.
• This facility is optional and merchants can tokenise your card only by receiving explicit consent through AFA.
• You can tokenise several cards in one mobile application. You are also free to choose the card you wish to use for a particular transaction.
• Card-issuers, too, can place limits on the daily, weekly, or monthly tokenised transactions.
• Card-issuers are to provide you with a portal to manage all your tokens at the same place. You can choose to suspend the token at a particular merchant or at all merchants in case you fear that your merchant account has been compromised, your device gets lost/stolen or a fraudulent token transaction is made by making use of this portal.
• Card-issuers can decline tokenisation requests if they detect suspicious activity.
• As per the latest RBI tokenisation circular, all existing card data saved with the merchant app must be purged by the merchant by 30th September 2022.

Tokenise your Bank Credit or Debit Cards

By tokenising your cards, you can protect your card information from falling into the wrong hands. When you make a card transaction, what transmits is a unique token number instead of your card number. Only your bank or card-issuing company can store your data. Here’s how you can tokenise your HDFC Bank Debit or Credit Cards before the deadline.

• Step 1 – Visit your favourite online application/website to purchase grocery, pay bills or order food and initiate a transaction.
• Step 2 – In the check-out page, select Bank Credit/Debit Card and provide CVV
• Step 3 – Tick mark the check box “Secure your Card” or “Save Card as per RBI guidelines”
• Step 4 – Enter the OTP received on your registered mobile number
• Step 5 – Congratulations!!! Your card details are now secured and safe with your Bank
• Step 6 – For subsequent payments, you can choose to pay using your Bank Credit/Debit Card by choosing the token bearing the last four digits of your Credit/Debit Card

 

 

Blog By : Trupti Thakur