Don’t miss the latest developments in business and finance.

Home / Tokenisation
image

Tokenisation

About Tokenisation

Facebook IconLinkedIN Icon

What is Tokenisation?

Tokenisation refers to the process of replacement of actual card details with a unique alternate code known as the 'token', which shall be unique for a combination of card, token requestor and identified device.
 
The Reserve Bank of India (RBI) has permitted authorised card payment networks to offer card tokenisation services to consumers requesting it, in an effort to improve the safety and security of card transactions.
 
According to RBI, no entity in the card transaction or the payment chain, other than the card issuers and/or card networks, are allowed to store the actual card data. Any such data stored previously will have to be purged.
 
Payments experts said that tokenisation was a necessary step due to the rapidly growing mobile payments in the country and major card companies actively pushing contactless payments.
 
In the absence of tokenisation, customers enter the card information manually every time they transact online and this increases the chances of error in entering data leading to transaction failures.
 
Tokenisation, as a technology solution, bridges this inconvenience gap and enables customers and businesses to sustain business as usual, by converting customer card information into a coded token.
 
Tokenisation provides consumers added layer of security by converting sensitive cardholder data to a string of randomly generated numbers known as a token.
 
A customer needs to provide a one time consent through OTP (one-time-password) and undertake a transaction to tokenise their debit and/or credit card for the first time. Hence, this feature enables users to utilise saved card details for seamless transactions.
 
Tokenisation is available for all types of card transactions including contactless transactions, in-app payments, QR code-based payments and token storage mechanisms.
 
In this process, tokenisation takes the security of a physical EMV (Europay, MasterCard, Visa) chip and applies it to non-card environments such as mobile, online and proximity payments.
 
Fraud detection
 
Tokenisation helps prevent fraud by offering financial institutions, merchants, and third-party payment providers, such as digital wallet operators, a secure way to enable mobile and online payments without sharing sensitive account information.
 
Tokens do not carry the consumer’s primary account number, reducing the risk of storing tokens on mobile devices, online merchants, and in cloud-based mobile apps.
 
Connected devices and risk-based authentication makes it easier to detect frauds. Tokenisation also makes it more difficult for hackers to gain access to cardholder data. Earlier, card numbers were stored in databases and exchanged freely over networks.
 
With tokenisation, sensitive data of all kinds including bank transactions, loan applications, and stock trading are substituted with tokens. However, the security level of the app and the customer’s mobile itself also needs to be taken into consideration.
 

How to request for tokenisation facility?

To enable tokenisation, a customer can use a third party (token requester) app such as the UPI app, a bank app or a mobile wallet app. At present, the facility shall be offered through mobile phones and tablets only.
 
Customers cannot be charged for availing the tokenisation service and they will have the option to register or deregister their card for a particular purpose and also the option to set and modify per transaction and daily transaction limit.
 
The customer shall be free to use any card registered with the token requestor app for performing a transaction. Tokens tied to lost or stolen mobile devices can be instantly reissued — without the need to change the consumer’s primary account number or reissue the plastic card.

Latest Updates on Tokenisation

Premium

Best of BS Opinion: Reducing the legal burden, an insecure partner & more

Here is the best of Business Standard's opinion pieces for today

Updated On: 17 Oct 2022 | 6:30 AM IST
Premium

Everything you want to know about tokenisation

For consumers, nothing has changed as token is just replacing the card details. Merchants do not have card details anymore and hence, if their sites are hacked, at best the hacker gets only the token

Updated On: 17 Oct 2022 | 12:19 AM IST
Premium

Cost of spending on digital transformations plateauing: HDFC Bk's Parag Rao

On Thursday, the bank launched a new one-stop solution application for merchants called the 'SmartHub Vyapar Merchant app'

Updated On: 06 Oct 2022 | 8:29 PM IST
Premium

System ready for tokenisation, says RBI deputy governor T Rabi Sankar

Roughly 350 million tokens have been created so far, Rabi Sankar said in the post-monetary policy press conference.

Updated On: 30 Sep 2022 | 6:32 PM IST
Premium

Industry prepared for potential disruptions as tokenisation nears

industry insiders say, the success rate of token-based transactions is higher, but inadequate testing of certain use-cases may result in some transactions not going through

Updated On: 29 Sep 2022 | 10:47 PM IST

Paytm tokenises over 52 mn cards, says on track to meet RBI's deadline

The company has tokenized 52.3 million cards across VISA, Mastercard and RuPay in its effort to make card transactions safer and drive convenience for consumers.

Updated On: 19 Sep 2022 | 4:00 PM IST
Premium

Card data storage: RBI relaxes rules for checkout on guest transactions

Sticks to Oct 1 deadline for card tokenisation; acquiring banks permitted to store card-on-file data until January

Updated On: 29 Jul 2022 | 1:12 AM IST

Large merchants comply with card tokenisation as deadline nears: Report

The RBI had directed the merchants to implement its tokenisation norms by June 30, 2022. The central bank has twice extended the deadline of its implementation in the past.

Updated On: 24 Jun 2022 | 4:21 PM IST
Premium

With month to go for card-on-file tokenisation, firms set up solutions

Merchants and other entities that have stored card details of customers will have to purge the data and apply tokenisation

Updated On: 09 Jun 2022 | 12:50 PM IST
Premium

There is ambiguity over what is called BNPL: Juspay Technologies CEO

'The impact of tokenisation extends to the entire payment ecosystem', said Vimal Kumar

Updated On: 31 Jan 2022 | 6:02 AM IST