In News:
- RBI is implementing Card Tokenisation norms which will come into effect from 1st October, 2022.
- These new rules will change the way debit and credit card details are stored by online merchants.
What’s in today’s article:
- About Card Tokenisation (Meaning, Working, Benefits, etc.)
What is Card Tokenisation?
- The RBI describes tokenisation as "the replacement of actual card details with an alternate code called the 'token', which will be unique for a combination of card, token requestor and device.”
- The 'requestor' accepts a request from the customer to tokenise their card and pass it on to the card network to issue a corresponding token.
- This token will carry the details of your cards such as 16-digit number, names, expiry dates which you used to save earlier for the future payments.
- So, instead of all the above mentioned details, a unique token will be used by the merchant’s website for the transaction.
Working:
- Once the new norms are implemented, the cardholder has to go through a one-time registration process for every card, at every online merchant's website they intend to use the card by entering its details and providing consent to create a token during checkout.
- A token will be generated for a particular card at a single website.
Benefits:
- Currently, the bank card details are saved by a merchant during a transaction.
- If, the merchant's website is hacked, the details of the customers will be exposed.
- Some merchants even force their customers to store card details before using their services and apps which ultimately increases the risk of users' sensitive information being stolen.
- A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing.
- Post implementation of card tokenisation norms, all the customers’ data will be with the bank only.
- Customers need not have to pay any charges for availing this service.
Is it a mandatory feature?
- According to RBI, credit/debit card users don't need to use the token system mandatorily.
- However, if the card user opts not to use the tokenisation system, they will be required to manually enter credit/debit card details every time while conducting a transaction on an e-commerce or merchant website.
News Summary:
- Payment aggregators are finally prepared for the October 1 rollout of RBI’s card-tokenisation norms.
- The deadline for implementation of tokenisation, which aims to upgrade data security, was extended for the third time in June, 2022 as the payments industry had asked for more time to avoid disruptions.
- The extension from the RBI has also allowed for more awareness among customers.
- For tokenisation, companies have to tie up with payment service providers and set up systems to charge customers’ cards without having to store the information on their servers.
- Razorpay, PhonePe, Worldline provide the bridge for these services between banks and merchants.
- From October 1, spends on platforms like e-commerce, food delivery and streaming services will be processed through tokenisation as against the ‘card on-file’ system, where merchants stored details like card number and expiry date on their servers.