Tokenisation for credit and debit card transactions: What is it, and how does it help you?

Source: The post is based on the article “Tokenisation for credit and debit card transactions: What is it, and how does it help you?” published in the Indian Express on 3rd October 2022.

What is the News?

The Reserve Bank of India’s card-on-file (CoF) tokenisation norms have kicked in from October 1.

What is tokenisation?
Read here: RBI permits card-tokenization services in a bid to make card transactions more safe

Tokenisation can be performed only by the authorised card network and recovery of the original Primary Account Number (PAN) should be feasible for the authorised card network only.

How did India decide to carry out tokenisation?

In September 2021, the RBI prohibited merchants from storing customer card details on their servers with effect from January 1, 2022, and mandated the adoption of card-on-file (CoF) tokenisation as an alternative.

After multiple extensions, the RBI decided not to give any further relaxation in implementing these norms from October 1.

So from now on any purchases done online or through mobile apps, merchants, payment aggregators and payment gateways will not be able to save crucial customer credit and debit card details such as three-digit CVV and expiry date.

Must read: RBI’s Payment Guidelines: Implications – Explained, Pointwise
How will tokenisation work?

A debit or credit card holder can get the card tokenised by initiating a request on the app provided by the token requester. The token requester will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requester, and the device.

The customer will not be charged for availing of the tokenisation service.

Note: According to the RBI data, till the end of July 2022, while the number of credit cards issued stood at around 8 crore, debit cards in the system were 92.81 crores.

What do customers gain from tokenisation?

a) Tokenised card transaction is considered safer as the actual card details are not shared with the merchant during the transaction. For example, in case of any data breach or hacking attempt at the merchant’s end, the customer’s card details will be protected, b) The token requestor cannot store Primary Account Number (PAN), or any other card details, c) Card networks are also mandated to get the token requester certified for safety and security that conform to international best practices/globally accepted standards, and d) Tokenisation lends greater credibility to seamless and secure payments experience.

Read more: Tokenisation: Advantages and Challenges
Print Friendly and PDF