Industry prepared for potential disruptions as tokenisation nears

industry insiders say, the success rate of token-based transactions is higher, but inadequate testing of certain use-cases may result in some transactions not going through

With a day left before the Reserve Bank of India’s (RBI’s) tokenisation norms kick in, the system is relatively ready for the transition. There are still some chinks in its armour and teething troubles are expected.

Industry insiders say the success rate of token-based transactions is high, but inadequate testing of certain use-cases may result in some transactions not going through.

Card-issuing banks are communicating to their customers that come October 1, card details not tokenised on merchant applications (apps)/websites will be removed in line with the RBI mandate.

According to norms, sensitive customer information like complete card number, card verification value (CVV), and date of expiry cannot be stored by merchants for processing online transactions from October 1. The merchants will have to purge all details stored and apply tokenisation.

Tokenisation is a back-end process of replacing credit/debit/prepaid card details with a unique set of characters or ‘tokens’. This is expected to secure payments and enable future transactions without exposing sensitive card details.

Only card networks like Visa, Mastercard, RuPay, American Express, and card issuers will have access to customer card details from these tokens. In case customers do not tokenise their cards, they will have to enter all card details (card number, date of expiry, CVV) to make payments every time they shop online.

While the initial deadline set by the RBI was January 1 this year, it was extended by another six months. The RBI again extended the deadline by another three months to September 30. This is because transaction processing based on tokens had not gained traction across merchant categories.

“The core payments are working well, but we are still awaiting some clarification from the RBI. The system is 99 per cent ready, but there are some issues that certain verticals are facing,” said Vishwas Patel, chairman, Payments Council of India.

“Some teething troubles are expected when such a massive transformative change is taking place. But we have to deliver on the RBI’s expectations,” he said.

“Ninety-five per cent of all Razorpay merchants have tokenised their customer card details,” said Khilan Haria, senior vice-president (SVP) and head of payments, product, Razorpay.

Card issuers have notified their customers that tokenisation is not applicable to international transactions. Customers will have to enter their card number to process such transactions.

“We haven’t received any complaints from any of our merchants. We have designed the solution with scalability in mind. The entire ecosystem wishes to quickly migrate and comply with the tokenisation requirements,” said Jagdish Kumar, SVP, products and solutions, Worldline India.

Although the preparedness of the ecosystem has seen marked improvement over the past few months, the inadequate testing experience of these token-based transactions has worried stakeholders.

Recently, the National Association of Software and Service Companies and the Merchant Payments Alliance of India wrote to the RBI furnishing a status report highlighting the industry requires adequate testing experience, especially for recurring payments.

Earlier this week, Visa said it has successfully provisioned more than 160 million card-on-file tokens in India. It had provisioned 100 million tokens by June this year.

“With the last 60 million token provisions taking fewer than three months to achieve, we are confident of this strong momentum continuing as the industry fully migrates to tokenised payments,” said Sandeep Ghosh, group country manager, India and South Asia, Visa.

One97 Communications tokenised over 93 per cent of its monthly active cards on the Paytm app. The company has tokenised 52.3 million cards across Visa, Mastercard, and RuPay.

PhonePe said about 80 per cent of its active monthly users have already tokenised their cards. The payments app has tokenised 14 million credit and debit cards on its platform.