The regulator has allowed card networks like Visa, Mastercard or RuPay to issue tokens on request on behalf of the card-issuing banks or companies. This new system, called card tokenisation, will be safer as actual card details will not be allowed to be stored by the merchants thereby reducing the possibility of data theft and fraud.
But the success of this scheme will depend on the preparedness of the merchants.
What is tokenisation?
It is a process by which card details are replaced by a unique code or token, allowing purchases to go through without exposing sensitive details.
Is this a new concept?
-
“ETtech is a sharply-focused lens that brings alive India’s tech businesses & dynamic world of startups”
Kunal Bahl, Co-Founder & CEO, Snapdeal
-
“I read ETtech for in-depth stories on technology companies”
Ritesh Agarwal, Founder & CEO, Oyo
-
“I read ETtech to understand trends & the larger India technology space, everyday”
Deepinder Goyal, Co-founder & CEO, Zomato
No, it already exists in India. United Payment Interface (UPI) uses the tokenisation concept, making it one of the safest online payment systems.
Who will benefit?
Consumers who use online payments. However, it is not mandatory. Customers, who had earlier allowed merchants to store sensitive details, will have to register their card details afresh, while the card networks will issue tokens against these details. Consumers who do not want their card details to be stored or enter their details for a one-time purchase don’t require to follow this.
Card tokenisation is only for domestic transactions. No fee will be charged.
Will the token system eliminate frauds?
RBI has told merchants to create a ‘token reference number’ against each token. Only these reference numbers are stored by the merchants. Once a fraud is detected, the same token cannot be used again. Users will have to request for a new token.
Who will issue the tokens?
Credit and debit card networks — Visa, Mastercard or RuPay — will issue tokens and will inform card-issuing banks. Some banks may ask card networks to take approval before issuing tokens.
Will there be one token for all merchants?
No. Tokens will be unique for a combination of card and merchant. If a consumer has a single card but makes online purchases from three different merchants, three different tokens to be issued. That means tokens will be merchant specific.
Can a card issuer refuse permission for tokens against a particular card?
Yes, they can refuse based on the risk perception of customers
No need to remember token info
Tokens will also be 16-digit numbers like in case of credit or debit cards, but consumers do not have to remember these. In fact, they won’t even get to know their token details. Banks will create a portal for card holders. Card holders can also delete tokens.
When not available…
Customers will have to enter card details every time they shop.
The challenges
Not many users are aware of it. There are also apprehensions that this may reduce online card payments volume and may give a fillip to wallet payments.