Tokenisation: How tokens instead of credit card details can make transactions safe and secure – effective from January 1
Tokenisation: We live in a world where development takes place every single day. We have witnessed a lot of progress in the last few years in the form of money, as it has come a long way. A few decades ago, no concept of currency notes and coins existed in the country and only the barter system of trade prevailed.
However, now everything has been upside down. There is no barter system as it had a lot of complications and therefore was not feasible, and the country’s payment methods have been completely digitalised.
With the growing needs of people due to the low availability of time, digital payment methods have been growing at a great pace. From coins and notes to debit cards and UPI wallets, we have seen a great development, making the process of transaction much more simpler and easier.
Now anyone can pay through their mobiles in just a second while sitting at their homes. In this article, we will be discussing about one such development in the payment mode. What was its need and how it works, everything will be discussed in this article? However, to understand everything clearly, we have to start from the beginning.
Tokenisation
The Reserve Bank of India has recently allowed tokenisation while making daily payments through a debit card. You might be wondering why the Reserve Bank of India is doing so? Well, we have the answer for you. In today’s world, everything has become digital. The payments have become digital too, which is great but it sure has some risk associated with it, which is currently on the rise.
Many merchants and e-commerce entities force their customers to store the details of the debit or credit card that they are using which increases the risk of their card data being stolen. This leads to the creation of distrust among people, which at all costs should be avoided.
Therefore, the RBI introduced the tokenisation of these cards. With the Reserve Bank of India allowing the tokenisation of cards, this threat among the people of their data being stolen can be completely avoided.
What is tokenisation?
It is a simple process. Tokenisation refers to the process of replacing the card details of an individual with an alternative code which is called a token. A token is a unique combination of the card, the token requestor which means an entity that accepts the request of the cardholder for the tokenisation of the card and sends the request to the card network to issue a token, and a device. This is as per the reports of the Reserve Bank of India. How does it help?
By creating a token, a person can avoid sharing the details of his credit or debit card and therefore this eliminates the risk of theft of the card data. The token generated during the process of tokenisation is used to facilitate contactless card transactions at the point of sales and QR code payments. This will make the payment method quicker and safer than ever.
Moreover, RBI has also extended the process of tokenisation of card-on-file and therefore directed the merchants to not hold or store the card details in their system. This will be effective from January 1, 2022.
A card-on-file transaction is one in which a cardholder allows the merchant to hold and store the data of his MasterCard or VISA payment details and to bill the stored account. Merchants in e-commerce companies, airlines and supermarket chains often store the card data of their customers.
According to the reports of RBI, no entity involved in the card transaction or payment chain, except the card network and card issuer should hold the actual data of the card after January 1, 2022. Any such data which has been stored earlier will be purged. The previous barring on the data was issued till 31 March 2020, but it later got extended to 31 December 2021. After the deadline, the storing of data will not be possible for any merchant or entity.
How does tokenisation function?
This is a question which everyone must be wondering about right now. Well, it is very simple. A cardholder can get the card tokenised by initiating a request on the app which is provided by the token requestor.
After this, the token request will be transferred to the card network by the token requestor, which, with the consent of the card issuer, will generate a token corresponding to the combination of card, requestor and device. Moreover, RBI has allowed tokenisation through all mobile phones and tablets for all cases and channels like contactless card transactions and payments through QR codes.
Who generates the tokens? Big companies like MasterCard and Visa generate the token and therefore act like token service providers and therefore provide the tokens to e-commerce and mobile payment platforms.
In that way, these tokens can be used during the transactions instead of the card details which were previously used by these companies to facilitate transactions. This will completely eliminate the risk of data theft and will make the users tension free.
What does the user have to do? Once the token is generated, the user has to enter the card details on e-wallets like PhonePe or Google Pay and the platforms will ask for one of the TSP for token. The TSP in the beginning will ask for the permission of data from the bank. After the verification, one code will get generated and will be sent to the individual’s mobile phone.
This code will help in generating the token and once a unique token gets generated, it will be forever linked to the individual’s device and can never be replaced. Therefore, all the payments will be facilitated through the token and there will be no need of sharing the personal details of the individual’s credit or debit card, therefore maintaining the complete privacy of the individual.
Who has the authority to tokenise the cards?
RBI has given has permitted all the card issuers to act like Token Service Providers which will offer tokenisation of cards that have been issued or affiliated by them. However, tokenisation of the card will be done after the consent of the individual has been received along with the additional factor of authentication. RBI has cleared out the tokenisation or detokenisation will be done only by the Token Service Providers.
What was the need for tokenisation?
Looking for the convenience and comfort of the users involved in a transaction through cards, the idea of tokenisation was made. Many corporate entities store the details of the credit or debit card of the individuals while facilitating transactions which has risen the concern of people, fearing that there can be a theft of card data.
In fact, some entities even force their customers to fill in all the card details while making payments and being a huge market with a large number of merchants, the risk of theft rises even more.
The risk of the data being stolen can affect the growth of digitalisation of currency and therefore the need for introducing the token system arose. Earlier, there have been many incidents involving theft of data filled by the users while making payments, and with the introduction of tokenisation, the need to fill details of the card will be eliminated, therefore providing comfort and building trust of the users.
Edited by Sanjana Simlai.