If you’re wondering whether you’ve taken a wrong turn and landed up in the engineering department, don’t worry. This is not going to be an article on data security, but rather, an attempt to explain RBI’s new stance on credit and debit cards.
Since October 1, 2022, RBI’s tokenisation norms have come into play.
According to Economic Times, “The Reserve Bank of India (RBI) is ready to bring its card-on-file tokenisation norms into effect from October 1 after various complaints were filed regarding the misuse of debit or credit cards.”
If you have always wondered: What is RBI’s card tokenisation rule? Is tokenisation mandatory in India? What are the benefits of card tokenisation?
Read More: Not Public Provident Fund or 5-year FD, this is the best investment option for Section 80C benefit
..then keep reading to find out!
What Is Tokenisation?
Have you ever noticed that when you add your address to Zomato or Swiggy, you get the option to save it under a particular name? Just like that, a token is a name assigned to your credit or debit card details. Of course, it isn’t a word. In this case, the token is a unique alternative piece of code.
This is done for safety. It’s designed this way to ensure your card details are protected over the open net. If you opt for the tokenisation method, then your card details are not stored directly — only the token is stored.
“In case of an online transaction, instead of card details, a unique token will be stored on the server. The merchant or transaction platform sends out a message to Visa or Mastercard or a payment gateway, who asks for a token against that card number and will then pass it on to the bank for allowing the transaction.” — NTT Data Payment Services, India
This is added security, like the equivalent of storing your valuable jewellery in a bank locker, as opposed to your wardrobe. Ironically, it can even be compared to wearing your face mask to protect yourself from COVID-19 pathogens.
But fear not! Using the tokenisation system is easy. It may even be easier to understand than the latest Nolan movie!
Can you guess why the usage of the system is so easy even though it probably involves a mountain-load of code?
The secret is — you don’t really have to do much.
Read More: Good News for Defence Pensioners: Centre extends pension benefits to THESE personnel
How Can You Tokenise Your Card?
Imagine you’re on an online shopping website. You’ve let go of your inner shopaholic and now you’re finally ready to check out. You select your address and add your card details. A small pop-up window opens, asking whether you’d like to save your card for next time. Without thinking, you click on “Yes”.
We’ve all done it in the past. In fact, this has become so commonplace that we don’t even think about it anymore. But we should.
Would you really save your identification documents on other online platforms? Are we not always warned to be careful and not disclose any personal banking information over the phone?
But this way is better than revealing your card details to a third-party merchant website.
Tokenisation is actually a solid step toward protecting data privacy. No longer will your payment details be exposed to unknown websites. No longer will you be at risk for online scams.
What Does The Tokenisation Process Look Like?
The same as before, with one change. Now, after you enter your card details, you will get an option to “Secure your card” as per RBI guidelines. If you click on that, the bank will send an OTP to verify your identity. On successful verification, a token will be generated for that payment method — your credit or debit card. This token will now be saved instead of your actual card details.
Where Is The Token Stored?
The token is stored on secure card networks according to RBI’s instructions. For all transactions, only the token is stored on the server, not the actual card details.
If you want more information on which are the authorised card networks, you can check out RBI’s list here.
Why Is Tokenisation Important?
There is no doubt that tokenisation is changing the entire online payment market. With new guidelines, added security and questions all around, banks and payment gateways are scrambling to adapt.
There is VERY little difference, in terms of user experience. Instead of saving your card on the merchant website, you will now create a token and save that instead.
You get more security for no extra effort. Who knows what else will come up, now that the digital payment ecosystem will be more secure in India.