29.1 C
New Delhi
Tuesday, November 5, 2024
HomeTechDecoding card tokenisation

Decoding card tokenisation


From January 1, 2022, sensitive credit or debit card information such as card number, CVV and expiry date cannot be stored by merchants while processing online transactions. The Reserve Bank of India has directed all sellers in India such as Amazon, Flipkart and Zomato, to delete card information stored earlier to enhance the security of online transactions.


The regulator has allowed card networks like Visa, Mastercard or RuPay to issue tokens on request on behalf of the card-issuing banks or companies. This new system, called card tokenisation, will be safer as actual card details will not be allowed to be stored by the merchants thereby reducing the possibility of data theft and fraud.

But the success of this scheme will depend on the preparedness of the merchants.

What is tokenisation?

It is a process by which card details are replaced by a unique code or token, allowing purchases to go through without exposing sensitive details.

Is this a new concept?

  • “ETtech is a sharply-focused lens that brings alive India’s tech businesses & dynamic world of startups”

    Kunal Bahl, Co-Founder & CEO, Snapdeal

  • “I read ETtech for in-depth stories on technology companies”

    Ritesh Agarwal, Founder & CEO, Oyo

  • “I read ETtech to understand trends & the larger India technology space, everyday”

    Deepinder Goyal, Co-founder & CEO, Zomato



No, it already exists in India. United Payment Interface (UPI) uses the tokenisation concept, making it one of the safest online payment systems.

Who will benefit?

Consumers who use online payments. However, it is not mandatory. Customers, who had earlier allowed merchants to store sensitive details, will have to register their card details afresh, while the card networks will issue tokens against these details. Consumers who do not want their card details to be stored or enter their details for a one-time purchase don’t require to follow this.

Card tokenisation is only for domestic transactions. No fee will be charged.

Will the token system eliminate frauds?

RBI has told merchants to create a ‘token reference number’ against each token. Only these reference numbers are stored by the merchants. Once a fraud is detected, the same token cannot be used again. Users will have to request for a new token.

Who will issue the tokens?

Credit and debit card networks — Visa, Mastercard or RuPay — will issue tokens and will inform card-issuing banks. Some banks may ask card networks to take approval before issuing tokens.

Will there be one token for all merchants?

No. Tokens will be unique for a combination of card and merchant. If a consumer has a single card but makes online purchases from three different merchants, three different tokens to be issued. That means tokens will be merchant specific.

Can a card issuer refuse permission for tokens against a particular card?

Yes, they can refuse based on the risk perception of customers

No need to remember token info

Tokens will also be 16-digit numbers like in case of credit or debit cards, but consumers do not have to remember these. In fact, they won’t even get to know their token details. Banks will create a portal for card holders. Card holders can also delete tokens.

When not available…

Customers will have to enter card details every time they shop.

The challenges

Not many users are aware of it. There are also apprehensions that this may reduce online card payments volume and may give a fillip to wallet payments.

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.



Source link

- Advertisment -

YOU MAY ALSO LIKE..

Our Archieves