Tokenization of Credit Card and Debit Card

Tokenization of credit card and debit card

Why in the news:

  • The Reserve Bank of India (RBI) on December 23 extended the deadline for card tokenisation till June 30, 2022.
  • The earlier deadline set by the Reserve Bank was set to expire on December 31, 2021.
  • In a bid to make online payment transactions through credit and debit cards more safe and secured, the Reserve Bank of India (RBI) has ordered all online payment gateways, merchants and e-commerce companies to implement tokenisation of cards by their customers while making payments.
  • The industry lobby of banks, Indian Banks Association (IBA), had made representation to the RBI for an extension of the tokenisation deadline. That apart, some banks too had approached the regulator seeking an extension.

About the new rule:

  • The central bank has asked all the merchants and e-commerce firms to delete all sensitive data of the customer relating to their card details available at their platforms.
  • Ahead of the rule change in online payments, various banks have started reaching out to their customers through SMS and emails informing them about the change.
  • India’s largest private sector lender HDFC Bank in an SMS earlier this week said, “Effective 1st Jan’22! Your HDFC Bank card details saved on Merchant Website/App will get deleted by the merchants as per the RBI mandate for enhanced card security. To pay each time, enter full card details or opt for tokenisation.

About  tokenisation

  • Tokenisation refers to the replacement of credit and debit card details with an alternative code called a ‘token’, which is unique for a combination of card, token requestor (the entity that accepts a request from the customer for tokenisation of a card and passes it on to the card network to issue a token) and the device, the RBI says.
  • This reduces the chances of fraud arising from sharing card details. The token is used to perform contactless card transactions at point-of-sale (PoS) terminals and QR code payments.
  • RBI has also extended tokenisation of Card-on-File (CoF) transactions — where card details used to be stored by merchants — and directed the merchants not to store card details in their systems from 1 july 2022.
  • A CoF transaction is one in which a cardholder has authorised a merchant to store his or her Mastercard or Visa payment details, and to bill the stored account. E-commerce companies and airlines and supermarket chains often store card details.

Advantages of Tokenization :

Tokenization makes the process of accepting payments easier and more secure. Tokenization is more than just a security technology—

  • It helps create smooth payment experiences and satisfied customers.
  • Tokenization reduces risk from data breaches,
  • helps foster trust with customers,
  • minimizes red tape and
  • drives technology behind popular payment services like mobile wallets.

How tokens instead of credit card details can make transactions safer?

  • With the introduction of tokens by merchants, only authorised merchants would be able to send you the payment links, which wouldn’t ask you for card details but instead display the token issued against that card, thereby preventing hackers from getting access to any of your financial details.

Why RBI gave extension:

  • The deadline for card tokenisation had created problems in the payments industry because not all banks and payment companies were ready with the infrastructure.
  • Many customers who were upset with the RBI decision to change the recurring payments to a consent-based system were not willing to tokenise their card details for the new system.
  • Besides, most merchants and even banks were not prepared to switch to the new system on time.
  • The payments industry had lobbied for two years at least for a smooth transition, according to reports.

What’s the consumer impact?

  • An estimated 5 million customers, who have stored their card details for online transactions on various platforms, could be impacted if the online players and merchants are not able to implement the changes at their backend. E-commerce platforms, online service providers and small merchants could be especially hit.
  • Equated monthly instalments and subscription-based transactions that are paid through stored cards will also have to adhere to new rules. Now, with the latest extension, the RBI expects the systems to be ready for seamless launch in six months.
  • While 90 per cent of banks are ready for tokens on the Visa platform, Mastercard is yet to catch up.
  • The RBI had banned Mastercard from issuing any new cards on July 14 this year for not complying with data localisation requirements. Even as CoF conversion to a tokenised number is being done, the system is not geared up for processing the tokens as merchants are not ready at their end.

5 1 vote
Rating
Subscribe
Notify of
guest
1 Comment
Inline Feedbacks
View all comments