Tokenisation of debit and credit cards


The RBI has directed payment aggregators, wallets, and online merchants (other than card issuers/card networks) not to store any sensitive card-related customer information, including full card details. As a result, the card numbers can be replaced with a ‘token’.

The RBI mandate would take effect on October 1, 2022. According to the RBI, this development will make card transactions more secure.

 

 

What is Tokenization?

Tokenization is the process of replacing the 16-digit number on the plastic card with a unique alternate card number, or ‘token’, which shall be unique for a combination of card, token requestor, and device. Tokens can be used for online transactions, mobile point-of-sale transactions, or in-app transactions. This token contains no personal information that can be directly accessed and keeps changing, making it the most secure method to complete payments.

Here’s how to generate your token

The tokenization process is free of charge and is applicable only for domestic card transactions. If you have multiple cards, you can create separate tokens for each card you own.

Step 1: Visit any e-commerce/merchant website to make a purchase and start a transaction.

Step 2: During check-out, select your preferred bank’s credit/debit card as a payment method and enter all details.

Step 3: Select the option to “secure your card” or “save the card as per RBI guidelines”.

Step 4: Fill in the OTP sent to your mobile or email by the card company and finish the transaction.

Step 5: Your token has been generated and saved instead of your actual card details.

You can recognize the card by its last four digits and use the same token for that website for any future transaction.

Benefits of tokenization

Tokenization is intended to combat online fraud and prevent digital payment breaches. According to the central bank, many entities in the card payment transaction chain store actual card details. In fact, some merchants require their customers to save their credit card information. The availability of such information with a large number of merchants significantly increases the risk of card data theft.

Tokenization aims to eliminate this by replacing actual cardholder information with a unique and randomly generated code on merchant websites.

 

Some Questions Answered:

 

What is tokenization?

Ans. Tokenization refers to the replacement of actual card details with an alternate code called the “token”, which shall be unique for a combination of card, token requestor (i.e. the entity which accepts a request from the customer for tokenization of a card, and passes it on to the card network to issue a corresponding token) and device (referred to hereafter as the “identified device”).

What is de-tokenization?

Ans. Conversion of the token back to actual card details is known as de-tokenization.

What is the benefit of tokenization?

Ans. A tokenized card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing.

How can tokenization be carried out?

Ans. The cardholder can get the card tokenized by initiating a request on the app provided by the token requestor. The token requestor will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device.
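The binding described in these answers can be modelled in a few lines. This is an added illustration, not code from RBI or any card network: the class, method and parameter names are hypothetical, the token is assumed to be a random 16-digit value, and the card number is a constructed test value.

```python
import secrets


class CardNetworkVault:
    """Toy model of the card network's vault; all names are hypothetical."""

    def __init__(self):
        self._by_binding = {}  # (pan, requestor, device) -> token
        self._by_token = {}    # token -> (pan, requestor, device)

    def tokenize(self, pan, requestor, device, *, issuer_consent, afa_verified):
        # Registration needs issuer consent and explicit customer consent via AFA.
        if not (issuer_consent and afa_verified):
            raise PermissionError("tokenization requires issuer consent and AFA")
        binding = (pan, requestor, device)
        token = self._by_binding.get(binding)
        if token is None:
            # Random 16-digit value (assumption): not derived from the PAN, so
            # it cannot be reversed without the vault. Retry on a collision.
            while True:
                token = f"{secrets.randbelow(10**16):016d}"
                if token != pan and token not in self._by_token:
                    break
            self._by_binding[binding] = token
            self._by_token[token] = binding
        # The requestor receives the token and last four digits, never the PAN.
        return {"token": token, "last4": pan[-4:]}

    def detokenize(self, token, requestor, device):
        # Only the network holds this mapping, and the token is honoured only
        # for the requestor and device it was issued to.
        binding = self._by_token.get(token)
        if binding is None or binding[1:] != (requestor, device):
            raise PermissionError("token not valid for this requestor/device")
        return binding[0]

    def deregister(self, token):
        # For example, after the customer reports the identified device lost.
        binding = self._by_token.pop(token, None)
        if binding is not None:
            del self._by_binding[binding]


if __name__ == "__main__":
    vault = CardNetworkVault()
    pan = "4111111111111111"  # constructed test number, not a real card
    rec = vault.tokenize(pan, "shop-a", "phone-1", issuer_consent=True, afa_verified=True)
    print(rec["last4"], vault.detokenize(rec["token"], "shop-a", "phone-1") == pan)
```

A token copied from one merchant's records is rejected when presented by a different requestor or device, which is why a breach at one merchant does not expose a card number usable elsewhere.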

What are the charges that the customer needs to pay for availing of this service?

Ans. The customer need not pay any charges for availing of this service.

What are the use cases (instances/scenarios) for which tokenization has been allowed?

Ans. Tokenization has been allowed through mobile phones and/or tablets for all use cases/channels (e.g., contactless card transactions, payments through QR codes, apps, etc.).

Can tokenization be enabled through a smartwatch or other devices?

Ans. The feature of tokenization is available on consumer devices like mobile phones, tablets, laptops, desktops, wearables (wristwatches, bands, etc.), Internet of Things (IoT) devices, etc.

Who can perform tokenization and de-tokenization?

Ans. Tokenization and de-tokenization can be performed only by the authorized card network. The list of card networks authorized by RBI to operate in India is available on the RBI website at the link https://www.rbi.org.in/Scripts/PublicationsView.aspx?id=12043.

Who are the parties/stakeholders in a tokenization transaction?

Ans. Normally, in a tokenized card transaction, the parties/stakeholders involved are merchants, the merchant’s acquirer, the card payment network, the token requestor, the issuer, and the customer. However, an entity, other than those indicated, may also participate in the transaction.

Are the customer card details safe after tokenization?

Ans. Actual card data, tokens, and other relevant details are stored in a secure mode by authorized card networks. The token requestor cannot store Primary Account Number (PAN), i.e., card number, or any other card detail. Card networks are also mandated to get the token requestor certified for safety and security that conforms to international best practices / globally accepted standards.

Is tokenization of a card mandatory for a customer?

Ans. No, a customer can choose whether or not to let his / her card be tokenized.

Do the customers have the option to select tokenization for a particular use case?

Ans. Customers have the option to register / de-register their card for a particular use case, i.e., contactless, QR code-based, in-app payments, etc.

How does the process of registration for a tokenization request work?

Ans. The registration for a tokenization request is done only with explicit customer consent through an Additional Factor of Authentication (AFA), and not by way of a forced / default / automatic selection of a check box, radio button, etc. Customers will also be given a choice of selecting the use case and setting up limits.

Can the customer set / select their limits for tokenized card transactions?

Ans. Customers have the option to set and modify per-transaction and daily transaction limits for tokenized card transactions.

Is there any limit on the number of cards that a customer can request for tokenization?

Ans. A customer can request tokenization of any number of cards. For performing a transaction, the customer shall be free to use any of the cards registered with the token requestor app.

Can the customer select which card to be used in case he/she has more than one card tokenized?

Ans. For performing any transaction, the customer shall be free to use any of the cards registered with the token requestor app.

Is there any limit on the number of devices on which a card can be tokenized?

Ans. A customer can request tokenization of his / her card on any number of devices.

Whom shall the customer contact in case of any issues with his / her tokenized card? Where and how can he/she report the loss of the device?

Ans. All complaints should be made to the card issuers. Card issuers shall ensure easy access to customers for reporting a loss of an “identified device” or any other such event which may expose tokens to unauthorized usage.

Can a card issuer refuse the tokenization of a particular card?

Ans. Based on risk perception, etc., card issuers may decide whether to allow cards issued by them to be registered by a token requestor.

Where can more information on RBI instructions on tokenization be found?

Ans. More information can be found in the following circulars issued by RBI - DPSS.CO.PD No.1463/02.14.003/2018-19 dated January 8, 2019, and CO.DPSS.POLC.No.S-469/02-14-003/2021-22 dated August 25, 2021.
