From October 1, 2022, the way you use your credit or debit cards while shopping on Amazon, Flipkart, BigBasket, Myntra, etc., has changed. You would no longer be required to save your 16-digit card number and the card expiry date on the merchant’s website. As per the new rules set by the Reserve Bank of India (RBI), the only way that you can conveniently make a card payment repeatedly is through a new process called ‘tokenisation’. The Reserve Bank of India (RBI) has mandated all credit and debit card information used for online, point-of-sale, and in-app transactions are replaced with independent tokens from October 1, 2022.
Tokenization is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token that has no intrinsic or exploitable meaning or value. The tokenization feature adds an extra level of security to solve the problem of storing card data, and helps to reduce the risk of fraud payments to the minimum.
2. Why Tokenisation?
The next time you want to use your debit or credit card to make any purchase online or with a merchant, your card details are usually saved with the merchant. In case their security measures are not good, it puts all customers at risk. Due to any reason, if the merchant’s website gets hacked and debit and credit card details are leaked, customers will get into trouble. RBI wants to fix exactly this issue by making card tokenization compulsory; the onus of card security now lies on banks and processors, and not on merchants.
When you shop online or book tickets on travel portals, you tend to save your credit card details on those websites. So, you just don’t need to remember your card details each time you shop. Just enter the CVV and you check out in a matter of seconds. But that was risky. If your online site or travel portal gets hacked, your card details could be leaked. Tokenisation is converting your card details into a unique token specific to your card and only to one merchant at a time. This code masks the true details of your card, without which no one can misuse your card. This token can be saved on the online portal’s server.
3. What is the size of the Industry –
During 2021-22, payment transactions carried out through credit cards increased by 27 per cent to 223.99 crores in volume terms and 54.3 per cent to 9.72 lakhs in value terms, as per the RBI’s annual report for 2021-22. Till the end of July 2022, while the number of credit cards issued stood at around 8 crores, debit cards in the system were 92.81 crores, recent RBI data showed. Though the RBI provides total credit and debit card transaction data in terms of value and volumes, it does not provide separate numbers for online and offline transactions. When you look at the debit and credit card transactions data (provided by RBI), they have not given a bifurcation between online and offline.
4. Background:
Unsafe online practices prompted the central bank to devise new rules to protect consumers. Credit card data such as number, CVV and card expiry date is often stored on the merchants’ databases for ease of payment. But this data is fraught with security risks. In the past, the data stored on some websites have been breached and leaked into the public domain. Once that happens, cards may be fraudulently used, and their owners may suffer financial losses. Hence the apex bank issued directives that no entity except card issuers or networks will be allowed to store debit or credit card details. Data already stored needs to be removed. From October 1, 2022, the Reserve Bank of India’s card-on-file (CoF) tokenisation norms have kicked in, which aim at improving the safety and security of card transactions. After multiple extensions, the RBI decided not to give any further relaxation in implementing these norms. Earlier, the facility for card tokenisation was available only for mobile phones and tablets of interested card holders. Subsequently, with an uptick in tokenisation volume, the RBI decided to extend the scope of tokenisation to include consumer devices – laptops, desktops, wearable (wristwatches, bands, etc.) and Internet of Things (IoT) devices.
5. How to Tokenize Your Cards?
The following process needs to be done with every merchant for each transaction separately.
• To purchase any products or services and to initiate a transaction, a customer visits an e-commerce or merchant’s website
• Then select the preferred card options as the payment method and enter all details
• In case the website wants the customer to store the card details for a faster checkout experience, there will be an option ‘to secure your card as per RBI guidelines’ customer must opt for this option to securely generate a token and have it stored as per RBI guidelines.
• To complete the transaction, a customer will receive a one-time password (OTP) on the mobile device or email from the card issuer company.
• Once the OTP is entered on the bank page, the card details are sent for a token generation as well as transaction authorization.
• Generated token is sent back to the merchant, who then stores the token against the customer identification data e.g., mobile number or email address.
• When a customer visits the same e-commerce or merchant website, the last four digits of the saved card are shown, which helps them to recognize it during the transaction. This means that a customer’s card has been tokenized.
• A new token is generated for every merchant website where the card details are required to be stored.
Tokenization of debit and credit cards prevents your card details from being stolen when you shop online. By tokenizing your card, you reduce the risks of unauthorized purchases and improve the security of your online transactions. This way, even if your card details are compromised, the fraudster will not be able to use them for online purchases. When you tokenize your card, you don’t have to worry about the security of your online transactions.
6. Benefits of Tokenization for Credit / Debit Cards –
Tokenization of debit and credit cards prevents your card details from being stolen when you shop online. By tokenizing your card, you reduce the risks of unauthorized purchases and improve the security of your online transactions. This way, even if your card details are compromised, the fraudster will not be able to use them for online purchases. When you tokenize your card, you don’t have to worry about the security of your online transactions.
According to the RBI, card issuers will ensure an easy way for customers to report the loss of an identified device or any other event that may expose tokens to unauthorised usage. The card issuer will ensure customers can easily report the loss of an identified device or any other event that may expose their tokens to unauthorised usage. The card network will put in place a system to immediately de-activate such tokens and associated keys in case of their exposure to unauthorised usage. Tokenization will only affect online transactions for the time being. The use of tokenization will not change the way that credit and debit cards are used at merchant locations. When you visit a merchant location, the same process used today will happen. You will provide your card information to the merchant. The merchant will pass your card information to the bank or credit union to process the transaction.
7. Some Important Provisions -
Tokenisation is not mandatory, but it makes it easier to shop repeatedly.
As a customer, you don’t need to remember the token.
The end-customer experience is not changing while making the payment.
The tokenisation of cards is absolutely free and can be availed by anyone.
Currently, tokenisation is applicable only to domestic cards. International cards are not covered by this guideline.
You can request for tokenisation on any number of cards to perform a transaction.
You can tokenise multiple cards with the same merchant, or tokenise the same card with multiple merchants.
You need to visit the merchant page and create a fresh token if your card is replaced or renewed or upgraded. That is because your new card (credit or debit) comes with a new number and CVV.
8. Conclusion
Tokenization is a major reform that would go a long way in enhancing the security of online transactions. It prevents your card details from being stolen when you shop online. By tokenizing your card, you reduce the risks of unauthorized purchases and improve the security of your online transactions. This way, even if your card details are compromised, the fraudster will not be able to use them for online purchases. When you tokenize your card, you don’t have to worry about the security of your online transactions. The progress in the implementation of this guideline is satisfactory Close to 35 Crore tokens have already been created till Sept 2022. In September alone, 40 per cent of transactions, valuing around Rs.63 Crore, were done using tokens
The process of tokenizing your card is simple and easy. It only takes a few minutes to complete, and you can do it anytime, anywhere. The process is also completely secure, so you don’t have to worry about your personal information being compromised. If you’re ready to start making safer online purchases, choose the option to “Tokenize your card in accordance with RBI guidelines.”