News Highlight
The Reserve Bank of India (RBI) is ready to bring its card tokenisation norms into effect from October 1 after various complaints were filed regarding the misuse of debit or credit cards.
Key Takeaway
- Several people have been cheated in the last few years by cyber frauds because they have stored their card data on the merchant’s website for future payments.
- For tokenisation, companies need to tie up with payment service providers and set up a system to charge customers’ cards without storing information on their servers.
- Razorpay, PhonePe, and Worldline provide the bridge for these services between banks and merchants.
- From October 1, spending on platforms like e-commerce, food delivery and streaming services will be processed through tokenisation, as opposed to a ‘card on file’ system where merchants store details like card number and expiry date on their servers.
What is Card Tokenization?
- Tokenisation replaces a card’s 16-digit number on a plastic card with a unique alternate card number or ‘token’ unique to the combination of card, token requester and device.
- Tokens can be used for online transactions, mobile point-of-sale transactions or in-app transactions.
- This token will carry the details of your cards, such as 16-digit numbers, names, and expiry dates which you used to save earlier for future payments.
- So, instead of all the above-mentioned details, a unique token will be used by the merchant’s website for the transaction.
Working of Card Tokenization
Benefits of Card Tokenisation
- Transaction Security: Tokenisation reduces the risk of fraud from sharing card details.
- Easier Payments: The token is used to make contactless card transactions at Point of Sale (PoS) terminals and QR code payments.
- Data storage: Only card networks and card-issuing banks have access to and can store any card data.
Is this a mandatory feature?
- According to RBI, credit/debit card users don’t need to use the token system mandatorily.
- However, if the card user chooses not to use the tokenisation mechanism, credit/debit card details are required to be entered manually each time a transaction is made on an e-commerce or merchant website.
Pic Courtesy: freepik
Content Source: Economic Times