Tokenisation of debit and credit cards
The RBI has directed payment aggregators, wallets, and online merchants
(other than card issuers/card networks) not to store any sensitive
card-related customer information, including full card details. As a result,
the card numbers can be replaced with a ‘token’.
The RBI mandate would take effect on October 1, 2022. According to the RBI,
this development will make card transactions more secure.
What is Tokenization?
Tokenization is the process of replacing a card’s 16-digit number on the
plastic card with a unique alternate card number, or ‘Token’, which shall be
unique for a combination of card, token requestor, and device. Tokens can be
used for online transactions, mobile point-of-sale transactions, or in-app
transactions. This token contains no personal information that can be directly
accessed and keeps changing, making it the most secure method to complete
payments.
Here’s how to generate your token
The tokenization process is free of charge and is applicable only for
domestic card transactions. If you have multiple cards, you can create
separate tokens for each card you own.
Step 1 – Visit any e-commerce/merchant website to make a purchase and start a transaction
Step 2 – During the check-out, select your preferred bank’s credit/debit card as a payment method and enter all details
Step 3 – Select the option to “secure your card” or “save the card as per RBI guidelines”
Step 4 – Fill in the OTP sent on your mobile or email by the card company and finish the transaction
Step 5 – Your token has been generated and saved instead of your actual card details
You can recognize the card by its last four digits and use the same token for
that website for any future transaction.
Benefits of tokenization
Tokenization is intended to combat online fraud and prevent digital payment
breaches. According to the central bank, many entities in the card payment
transaction chain store actual card details. In fact, some merchants require
their customers to save their credit card information. The availability of
such information with a large number of merchants significantly increases the
risk of card data theft.
Tokenization aims to eliminate this by replacing actual cardholder information
with a unique and randomly generated code on merchant websites.
What is tokenization?
Ans. Tokenization refers to the replacement of actual card details with
an alternate code called the “token”, which shall be unique for a combination
of card, token requestor (i.e. the entity which accepts a request from the
customer for tokenization of a card, and passes it on to the card network to
issue a corresponding token) and device (referred to hereafter as “identified
device”).
What is de-tokenization?
Ans. Conversion of the token back to actual card details is known as de-tokenization.
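The two answers above, as an added example that is not part of the original FAQ or any card network's code: a toy Python model of a network-side vault that issues one random token per (card, token requestor, device) and de-tokenizes only within that binding. The class and function names, the requestor and device labels, and the test card number are constructed for illustration.

```python
import secrets


class CardNetworkVault:
    """Toy stand-in for the card network's token vault (illustrative only)."""

    def __init__(self):
        self._by_binding = {}  # (pan, requestor, device) -> token
        self._by_token = {}    # token -> (pan, requestor, device)

    def tokenize(self, pan, requestor, device):
        """Issue one random token per (card, token requestor, device)."""
        binding = (pan, requestor, device)
        if binding not in self._by_binding:
            token = pan
            # Random digits, so the token reveals nothing about the PAN.
            while token == pan or token in self._by_token:
                token = "".join(secrets.choice("0123456789") for _ in range(16))
            self._by_binding[binding] = token
            self._by_token[token] = binding
        return self._by_binding[binding]

    def detokenize(self, token, requestor, device):
        """Return the PAN only when the token is used within its own binding."""
        binding = self._by_token.get(token)
        if binding is None or binding[1:] != (requestor, device):
            raise PermissionError("token unknown or presented outside its binding")
        return binding[0]


def requestor_record(vault, pan, requestor, device):
    """What the token requestor keeps on file: token and last four digits only."""
    return {"token": vault.tokenize(pan, requestor, device), "last4": pan[-4:]}


if __name__ == "__main__":
    vault = CardNetworkVault()
    pan = "4111111111111111"  # constructed test number, not a real card
    saved = requestor_record(vault, pan, "shop-a", "phone-1")
    print(saved["last4"], vault.detokenize(saved["token"], "shop-a", "phone-1") == pan)
    try:
        vault.detokenize(saved["token"], "shop-b", "phone-1")
    except PermissionError as err:
        print("rejected:", err)
```

A token copied out of one requestor's records is rejected when presented by another requestor or device, which is the property the per-combination uniqueness provides.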
What is the benefit of tokenization?
Ans. A tokenized card transaction is considered safer as the actual card
details are not shared with the merchant during transaction processing.
How can tokenization be carried out?
Ans. The cardholder can get the card tokenized by initiating a request
on the app provided by the token requestor. The token requestor will forward
the request to the card network which, with the consent of the card issuer,
will issue a token corresponding to the combination of the card, the token
requestor, and the device.
What are the charges that the customer needs to pay for availing of this
service?
Ans. The customer need not pay any charges for availing of this service.
What are the use cases (instances/scenarios) for which tokenization has
been allowed?
Ans. Tokenization has been allowed through mobile phones and/or tablets
for all use cases/channels (e.g., contactless card transactions, payments
through QR codes, apps, etc.)
Can tokenization be enabled through a smartwatch or other devices?
Ans. The feature of tokenization is available on consumer devices like
mobile phones, tablets, laptops, desktops, wearables (wristwatches, bands,
etc.), Internet of Things (IoT) devices, etc.
Who can perform tokenization and de-tokenization?
Ans. Tokenization and de-tokenization can be performed only by the
authorized card network. The list of card networks authorized by RBI to operate
in India is available on the RBI website at the link https://www.rbi.org.in/Scripts/PublicationsView.aspx?id=12043.
Who are the parties/stakeholders in a tokenization transaction?
Ans. Normally, in a tokenized card transaction, the parties/stakeholders
involved are merchants, the merchant’s acquirer, the card payment network, the token
requestor, the issuer, and the customer. However, an entity, other than those
indicated, may also participate in the transaction.
Are the customer card details safe after tokenization?
Ans. Actual card data, tokens, and other relevant details are stored in
a secure mode by authorized card networks. The token requestor cannot store
Primary Account Number (PAN), i.e., card number, or any other card detail. Card
networks are also mandated to get the token requestor certified for safety and
security that conforms to international best practices / globally accepted standards.
Is tokenization of a card mandatory for a customer?
Ans. No, a customer can choose whether or not to let his / her card be tokenized.
Do the customers have the option to select tokenization for a particular
use case?
Ans. Customers have the option to register / de-register their card for
a particular use case, i.e., contactless, QR code-based, in-app payments, etc.
How does the process of registration for a tokenization request work?
Ans. The registration for a tokenization request is done only with
explicit customer consent through an Additional Factor of Authentication (AFA),
and not by way of a forced / default / automatic selection of a check box,
radio button, etc. Customers will also be given a choice of selecting the use
case and setting up limits.
Can the customer set / select their limits for tokenized card
transactions?
Ans. Customers have the option to set and modify per-transaction and
daily transaction limits for tokenized card transactions.
Is there any limit on the number of cards that a customer can request
for tokenization?
Ans. A customer can request tokenization of any number of cards. For
performing a transaction, the customer shall be free to use any of the cards
registered with the token requestor app.
Can the customer select which card to be used in case he/she has more
than one card tokenized?
Ans. For performing any transaction, the customer shall be free to use
any of the cards registered with the token requestor app.
Is there any limit on the number of devices on which a card can be
tokenized?
Ans. A customer can request tokenization of his / her card on any number
of devices.
Whom shall the customer contact in case of any issues with his / her
tokenized card? Where and how can he/she report the loss of the device?
Ans. All complaints should be made to the card issuers. Card issuers
shall ensure easy access to customers for reporting a loss of an “identified
device” or any other such event which may expose tokens to unauthorized usage.
Can a card issuer refuse the tokenization of a particular card?
Ans. Based on risk perception, etc., card issuers may decide whether to
allow cards issued by them to be registered by a token requestor.
Where can more information on RBI instructions on tokenization be found?
Ans. More information can be found in the following circulars issued by
RBI - DPSS.CO.PD No.1463/02.14.003/2018-19
dated January 8, 2019, and CO.DPSS.POLC.No.S-469/02-14-003/2021-22
dated August 25, 2021.