From 30 Sep this year, all credit and debit card details that have been saved on various merchant websites will be deleted as per the RBI mandate. This move is targeted at mitigating risks related to data theft or loss. Once this move is implemented, card users will have to enter complete card details every time that they want to make a payment. Alternatively, they can opt for tokenization. So, what is tokenization and how does it work?
Here is all you need to know about tokenization and how it will impact you.
Tokenization is:
The credit card tokens that will be created as part of the tokenization process will help in protecting the sensitive information of customers. This is because it will substitute the data with a series of algorithmically generated numbers and letters. Merchants and payment gateways will not be allowed access to this data. The data can only be accessed by the issuer and network provider for maximum safety.
In September 2021, the RBI announced the prohibition on merchants storing customer card information on servers to come into effect from January 01, 2022. As an alternative to saving card data, the central bank asked merchants to adopt card-on-file (CoF) tokenization.
However, the implementation of these norms has been pushed out by six months to come into effect from June 30, 2022 which was further extended till 30 September.
In today’s digital age, sensitive information such as credit card numbers, account numbers, user addresses, etc. can be stolen online and misused further. By adopting tokenization, merchants will be able to move data across networks without compromising on the safety of sensitive customer information.
Tokenization will apply to:
This can be implemented as per customer consent received by the merchant. Once implemented, it has to be validated using an additional factor authentication. The bank and card network that implements the tokenization on behalf of the customer can also de-tokenize the details upon receiving customer requests.
Let’s understand the functionality of tokenization:
Although tokenization was planned to be part of a device-based framework, it will be further extended to include consumer devices like desktops, laptops, wearables, and Internet of Things (IoT) devices.
If a user will make use of his/her card on a laptop, tokenization will be specific to the laptop. If used on another device, the token will not be useful. Thus, since CoF data does not work on another device, the user will have to enter the data again. This ensures the security of transactions. Tokenization may also allow device binding, which will let customers use the same token across multiple devices.
In the current scenario, online shopping requires buyers to save their card data on many merchant websites. Thus, while buying from the same merchant site the next time, customers can save time and hassle in the payment process as they can simply select the card, provide the card’s CVV number and further authenticate the transaction using a one-time password.
Once tokenization comes into effect, a customer will have to go through a one-time process of tokenization and all subsequent transactions can be made easy. The process is going to be very simple and involve the usage of a token. Apart from ease of transactions, it will ensure that customer data remains safe and cannot be accessed from merchant sites.
Once tokenization comes into effect from June 30, some of the common steps that will have to be followed for adopting the same are:
From the time of the announcement of tokenization by RBI, it has not seen any traction from all merchants across the nation. Very few have shown their interest explicitly in tokenizing cards.
Since this will be a first in the country, customers must also expect some level of inconvenience in re-registering credit or debit card details. However, since it will be a onetime process and more clarity may follow once the implementation date comes closer, experts do not expect the purchase process to be significantly impacted.
Although most of the country’s leading banks like ICICI, SBI, HDFC, etc. have shown a preparedness to shift to tokenization, most merchants have shown resistance. Their argument is that the necessary infrastructure is currently not present to adopt the new regime. This is the reason why RBI pushed out the implementation date of tokenization to September 30th 2022. It is now a wait and watch game to see whether the acceptance and actioning of the same will go as expected.
From a customer perspective, the process of tokenization will not involve any charges.
Tokenization of card transactions will involve the token requestor, merchant, card payment network, issuer and customer.
No, tokenization will not be mandatory for card users since they can choose whether to opt for it or no. (source – RBI )
No, there will be no limit on the number of devices that a customer can use tokenization on. In the initial stages of its implementation, however, it will only be available through mobiles and tablets.
Post implementation, customers can address any of their tokenization specific queries to relevant card issuers.
This Diwali, we present a portfolio that reflect both sector-specific and stock-specific opportunities. With 2…
Thank you for showing interest in taking a BTST position using our Delivery Plus product.…
Thank you for showing interest in the consultation on trading strategies! Our expert will reach…
Even if you are a new participant in the stock market, the process of buying…
A company’s debt position can be gauged using the interest coverage ratio or ICR. This…
Muhurat Trading, a cherished tradition in the Indian stock market, takes place on Diwali, the…