Come 1 October, the rules for online payments for debit and credit cards will change. The Reserve Bank of India (RBI) has made it mandatory for all credit and debit card data used in online, point-of-sale, and in-app transactions to be replaced with tokens by September 30 this year. Earlier, the deadline was extended by three months starting July.
What will happen after tokenisation kicks in?
The added layer of security for debit, credit card holders by way of tokenisation is expected to enhance users' digital payment experience.
What is tokenisation?
As per the RBI, tokenisation refers to the replacement of actual card details with an alternate code called the "token".
Benefit of tokenisation
A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during the processing of the transaction.
According to Gaurav Kapoor, Director & Co-Founder, Fincorpit Consulting, tokenisation is very safer mode of transaction as the actual card details are not shared with the merchant during the processing of the transaction and is replaced by a unique token. At this time, when cyber crime in India is on rise, the cyber infrastructure requires an upgrade.
“This move of RBI to make tokenisation mandatory for the merchants is a step forward to control the menace of cyberattacks," said Gaurav Kapoor.
Impact on customers on tokenisation
Currently, many entities, including merchants, involved in an online card transaction chain store card data like card number, expiry date, etc. [Card-on-File (CoF)] citing cardholder convenience and comfort for undertaking transactions in future.
While this practice does render convenience, the availability of card details with multiple entities increases the risk of card data being stolen or misused and there have been instances where such data stored by merchants have been compromised.
When customers shop on an e-commerce site, they won't be able to store the card credentials of a shopper in any form. When you shop online, you are asked to feed the 16-digit debit card number and then the CVV code. The next time, you shop on the same site, you just have to put in the CVV and then the OTP is generated by the bank to make the purchase.
When the new rule kicks in, a customer will have to put in their entire card details while shopping online.
Once customers start purchasing an item, the merchant will initiate tokenisation and ask for consent to tokenise the card. Once consent is given, the merchant will send the request to the card network.
According to Amit Gupta, MD, SAG Infotech, end consumers will be more likely to hold onto payment information if tokenisation is implemented without worrying about the misuse of such information. However, almost all the merchants have said yes to this change, so we can say honestly that most of them are ready. Smaller merchants will benefit from network adoption of tokenisation, and the network will be authorized to have visibility data on user adoption of tokenization.
The primary problem remains recurring payments, which are still failing in some test runs. “We're likely on the loop of October 2021 e-mandate - recurring payments won't work which would force customers to input the card details again each month. Additionally, merchants will suffer revenue losses as a result of this inconvenience," he said.
Debit credit card holders: Steps to tokenise
- Visit an e-commerce website to purchase products.
- Select the preferred card options as the payment method
- Enter all the required details carefully.
- Tap on the option that states 'secure your card as per RBI guidelines' on the website to generate a token and store it according to the RBI guidelines.
- You will receive a one-time password (OTP)
- Enter OTP on the bank page and the card details will be sent for the token generation and transaction authorisation.
- The token will be sent to the merchant and he will save it in place of the personal card details.
- The next time you visit the same e-commerce platform or merchant website, the last four digits of the saved card will be displayed. This indicates that the debit card or credit card has been tokenised.
A customer can choose whether or not to let his / her card tokenised. Those who do not wish to create a token can continue to transact as before by entering card details manually at the time of undertaking the transaction.
Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!
Related Premium Stories
Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
MoreLess
Published: 26 Sep 2022, 09:56 AM IST
I'm a financial technology enthusiast with extensive knowledge in the field of digital payments and cybersecurity. My expertise is built on a background in finance, technology, and a keen interest in staying updated on industry regulations and advancements.
Now, let's delve into the concepts used in the provided article about the changes in online payment rules mandated by the Reserve Bank of India (RBI) regarding tokenisation of debit and credit card data.
-
Tokenisation:
- Definition: Tokenisation, as per the RBI, refers to the replacement of actual card details with an alternate code called the "token."
- Purpose: The primary goal of tokenisation is to enhance the security of digital payment transactions by replacing sensitive card information with a unique token.
- Security Benefits: Tokenised card transactions are considered safer since the actual card details are not shared with the merchant during transaction processing.
-
RBI Mandate:
- Regulation: The RBI has made it mandatory for all credit and debit card data used in online, point-of-sale, and in-app transactions to be replaced with tokens by September 30.
-
Impact on Customers:
- Data Security: Tokenisation aims to address the security concerns associated with storing card details by multiple entities. With tokenisation, the risk of card data being stolen or misused is reduced.
- User Experience: The added layer of security is expected to enhance users' digital payment experience.
-
Merchant Process of Tokenisation:
- Consent: Merchants will initiate tokenisation and ask for customer consent to tokenise the card.
- Request to Card Network: After consent, the merchant will send a request to the card network for tokenisation.
- Visibility Data: The network will have visibility data on user adoption of tokenisation, benefiting smaller merchants.
-
Challenges and Concerns:
- Recurring Payments: There may be challenges with recurring payments, and merchants may face revenue losses due to potential inconveniences.
- Customer Input: Customers may need to input card details again each month for recurring payments after the implementation of tokenisation.
-
Steps to Tokenise:
- Process: Customers need to visit an e-commerce website, select the preferred card option, enter required details, and tap on the option to generate a token as per RBI guidelines.
- OTP Authentication: The process involves receiving a one-time password (OTP) for authentication.
-
Customer Choice:
- Opt-Out Option: Customers can choose whether or not to let their cards be tokenised. Those who opt out can continue manual entry of card details during transactions.
In summary, the RBI's move towards tokenisation is a significant step in bolstering cybersecurity in online transactions, providing users with a more secure and controlled payment environment. The article outlines the regulatory framework, benefits, impact on customers, and the procedural aspects of tokenisation.
