Using your debit cards and credit cards online will become more secure and easy as the Reserve Bank of India (RBI) has allowed banks to generate tokens for your cards. At present, you can create tokens only through e-commerce websites while making online payments through your cards. What is the new card tokenisation rule and how is it going to help you? Read on to find out.
Let’s understand what tokenisation is, first. Card tokenisation is a major reform to enhance the security of online transactions. Tokenisation refers to the replacement of actual card details with an alternate code called the “token”, which will be unique for a combination of cards, the token requestor (i.e., the entity which accepts a request from the customer for tokenisation of a card, and passes it on to the card network to issue a corresponding token) and device (referred hereafter as “identified device”), as per the FAQs released by the Reserve Bank of India (RBI).
Earlier, RBI directed payment aggregators, wallets, and online merchants (entities in card transaction/ payment chains other than card issuers/card networks) not to store any sensitive card-related customer information including full card details. Hence, the card numbers can be replaced with ‘tokens’ as mentioned above. This mandate came into effect from October 1, 2022.
Card-on-File tokenisation at issuer bank: What is new?
As of now, tokens could can only be created at various merchant websites. When you are making a transaction on a merchant website for the first time, you get an option to ‘secure your card as per RBI guidelines’ at the time of checkout. When you opt for this, a secure token is generated, and the same is stored in the merchant’s database instead of your actual card details. Now, the regulator has proposed to introduce Card-on-File token creation facilities directly at the issuer bank level.
Sharing a glimpse of how the Card-on-File tokenisation will work at the bank level, Rahul Jain – CFO, of NTT DATA Payment Services India, says “So, while making online payments through debit card and credit card, the ‘token request’ will now be sent to the issuer bank who will then validate it for authenticity and security purposes. Once the token request is approved, the issuer bank will create a unique token linked to the card details shared by the users. To initiate the transaction, the merchant uses the token to request payment authorisation from the issuer bank. Upon receiving a tokeniszed payment request, the issuer bank uses the token to refer to the user’s card details stored in their database. The bank then initiates the transaction as they would with the original card information.”
How debit card, credit card tokenisation at issuer banks makes your online transaction secure and faster
A tokenised card transaction is considered safer as the actual card details are not shared or stored with the merchants to perform the transaction. Instead, tokens of your card details are used for all the online payments you make to the merchants. The central bank introduced tokens to reduce fraudulent activities and safeguard card data, consequently enhancing the convenience and safety of transactions for customers. “Till now, the cardholders had to create different tokens through each merchant’s application or webpage. This would require time and effort from the users. Going forward, tokens will be created at the issuer bank-level and linked to their existing accounts with various e-commerce applications,” says Mandar Agashe, Founder & Managing Director at Sarvatra Technologies.
Moreover, this move will eliminate the duplication of tokenisation process at each app or website along with increased transaction security, resulting in reduced card-data-related frauds, says Agashe.
Simply put, you don’t even have to use your 16-digit debit or credit card number while making an online transaction. You can just use a token issued by your bank. So, your debit or credit card numbers are not required to be exposed to a new online merchant anymore. “This move bolsters security through unique tokens and provides a streamlined, user-friendly experience. CoF tokeniszation, acting as a digital guardian for your sensitive card information, represents a smart and convenient change set to make transactions simpler,” says Gaurav Jalan, CEO and founder, mPokket.
Do note that e-commerce platforms or payment aggregators or online merchants are not allowed to save your debit or credit card details now. So, if you do not wish to create a token, you have to enter the card numbers, expiry date, and CVV every time you make a transaction on that website.
As you can now create card tokens at your bank, you will be able to easily add or delete tokens on the bank website or application. So, you don’t have to go through the hassle of creating and deleting tokens on some platforms that you have used at one point but do not use anymore. You can just use the token issued by your bank for all your online transactions through debit and credit cards. Explaining this further, Adhil Shetty, CEO, of BankBazaar.com, says, “The expectation is that once this is implemented, you would be able to create and manage your card tokens for the e-commerce sites directly from your bank account, pretty much like setting your credit limits and spending limits over net banking or banking app. This gives you greater control over managing your card token and allows you to add, modify, and delete tokens remotely, without accessing the website.”
This process poses minimal challenges for issuer banks, as most of them can leverage the existing unified payment system framework for token creation, says Jain. “This strategic move not only promotes safer and more secure card transactions but also enhances overall transaction efficiency.”
What are the benefits of Card on File tokenisation at the issuer banks?
Identifying three core benefits of card tokenisation, Jain says
1) Tokenisation streamlines the checkout process, eliminating the need for customers to repeatedly input their card information for each purchase.
2) Tokenisation enhances the overall customer experience, simplifying and expediting the payment process for customers.
3) Tokenisation aims to reduce fraudulent activities and safeguard card data.