What is tokenisation?
In the case of digital transactions, “tokenisation refers to replacement of actual card details with an alternative code called the ‘token’, which uniquely combines card, device, token requestor etc,” said Mandar Agashe, founder, vice-chairman, and managing director, Sarvatra Technologies. Credit card tokens are created to protect sensitive data of customers by substituting it with a series of algorithmically generated numbers and letters.
“Merchants, payment gateways cannot have this data, only an issuer and a network provider are allowed now,” explained Sanjeev Moghe, executive vice-president and head of cards and payments at Axis Bank.
How will merchant sites work without card data?
Generally, this is how it works: When the bank and card network receive a debit request from a payment gateway, they approve based on the customer’s input on the merchant site. Agashe explained that it is not the card on file (CoF), or saved card details, that is used to complete a transaction, a token is used instead. At the back-end, the token will be replaced with card data, for the transaction to go through. “You can’t just use the token anywhere. It is specific for that consumer, that merchant, and that card,” said Agashe.
How does this enhance the security of online transactions?
Information like credit card number, address, account number, can be easily misused if it falls into the wrong hands. However, with tokenisation, merchants can move data between networks without actually exposing such information.
For what kind of transactions will tokenisation apply?
“Tokenisation will be available for all ‘Card Not Present’ transactions, or online transactions,” said Ravi Buttula, head of merchant acquiring solutions at Wibmo. According to the RBI’s norms, tokenisation has to be done based on customer consent, to be validated through an additional factor authentication. The same bank and card network can do the tokenisation, or even de-tokenise the details based on customer request.
What else has the RBI said?
The central bank has also permitted enhancements to the existing card tokenisation system. The device-based tokenisation framework has been extended and will include consumer devices such as laptops, desktops, wearables (wrist watches, bands, etc.), and Internet of Things (IoT) devices.
How will customers be impacted?
At present, while shopping online your card data is stored on the merchant website, and the next time you simply choose the card, enter the CVV number and authenticate the transaction with a one-time password. According to a previous RBI guideline, the merchant website will not be allowed to store the card data from January 1. Which means you would have had to type out the details for every transaction.
Moghe says, “With tokenisation, the customer will have to do a one-time tokenisation and the subsequent transaction will be as easy as current ones”. He added that it's very simple to tokenise the first time. “It’s as simple as currently using a new card number on a website. You need to provide the card number, expiry date, CVV, etc,” he said.
To read the full story, Subscribe Now at just Rs 249 a month
Already a subscriber? Log in
Subscribe To BS Premium
₹249
Renews automatically
₹1699₹1999
Opt for auto renewal and save Rs. 300 Renews automatically
₹1999
What you get on BS Premium?
- Unlock 30+ premium stories daily hand-picked by our editors, across devices on browser and app.
- Pick your 5 favourite companies, get a daily email with all news updates on them.
- Full access to our intuitive epaper - clip, save, share articles from any device; newspaper archives from 2006.
- Preferential invites to Business Standard events.
- Curated newsletters on markets, personal finance, policy & politics, start-ups, technology, and more.
Need More Information - write to us at assist@bsmail.in