After allowing RBI users to link credit cards to UPI, the Central Bank of India is now poised to enforce card tokenization in India. In the midst of all this, many users are wondering what exactly is card tokenization and why apps and websites are proposing users to secure their credit and debit cards according to the RBI’s new guidelines. To clear all your doubts, we explain what card tokenization is and why you should go for it. We also mentioned the need for card tokenization in a country like India and the pros and cons of it. With that in mind, let’s learn more about RBI’s new policies on card tokenization in more detail.
Credit/Debit Card Tokenization in India: Statement (2022)
In this article, we have discussed and explained all about RBI’s card tokenization efforts and what they mean for consumers in India. You can learn about the pros and cons of card tokenization, the need for card masking, and more. Expand the table below and go to any section.
What is card tokenization?
Since at least 2019, the RBI has been pushing the payments industry in India to adopt card tokenization to protect and enhance the security of online card transactions. But what exactly is card tokenization and how does it work? Well, let me explain with an example.
When you use your credit or debit card to buy something on an e-commerce site like Amazon or Flipkart, enter it Card number, your name, expiry date and CVV. All of these details are highly private and confidential and you don’t want them falling into the wrong hands. Now, if you decide to store your card data on an app or website, you basically allow the app or website to store the card data (except CVV) on their cloud servers.
And if you continue with what is happening in the financial industry, we have seen a lot of data breaches lately. Popular Indian websites and digital payment apps have been hacked, dumping card details in plain text on the dark web. The MobiKwik and Domino’s India leaks are fresh in our minds. So, as you see, if you store your private card data on cloud servers of multiple such online apps and websites, your data becomes vulnerable to privacy breaches and data leaks.
While some websites may have the highest level of security in place to protect your card details, some may not Compliance with global safety standards. For malicious actors, distributing your card data across multiple servers with different levels of security opens up more opportunities for hacking. RBI now wants to change the situation in digital payment transactions and standardize the security of all online card transactions with so-called “tokenization”.
If you choose to store your card details on an app or website (called a merchant), a token is basically a token under RBI guidelines generated against your card and stored on the merchant’s cloud servers. Here your private card details are not shared with the app or website. The token is unique encrypted code that points to your card. This way, merchants don’t have access to your private card details and your card is protected from online privacy breaches.
Card tokenization is a mechanism introduced by RBI to protect domestic card transactions
That being said, the responsibility of protecting your card data no longer lies with merchants – apps, websites, payment processors like RazorPay, or banks. In summary, card tokenization is a mechanism introduced by RBI to protect domestic card transactions with random strings of tokens rather than sharing your private card details. See the next section for how it works.
How does card tokenization work?
How card tokenization works is simple. When you decide to tokenize a card, the card network (e.g. Visa, MasterCard etc.) issues the token with the consent of the bank and communicates it to the merchant. For example, if you store an SBI Visa debit card on Paytm according to RBI’s guidelines, Visa generates the token, obtains approval from SBI, and shares the token with Paytm. To find all authorized card networks in India click on this link.
If you store the same credit or debit card in another app, e.g. B. Amazon, a new token is generated and shared with Amazon. Even for the same card, the token varies by merchant (also called requestor) and device. It means the tokens are unique and discreetwhich is good from a security point of view.
The need for card tokenization in India
As mentioned above, the frequent data breaches, leaks and hacks in the digital age have forced RBI to develop card tokenization. Not to mention that apps, websites, payment processors and all intermediaries with different security standards pose a threat to our digital security. Credit and debit card tokenization will eliminate this burden of security on dealers and intermediaries. In addition, it will standardize the security protocol across all channels. For convenience, users are increasingly storing their card details on websites and apps, so card tokenization is really helping to secure credit and debit cards on the web.
RBI’s Card Tokenization Policy: Pros and Cons
Card tokenization has many advantages. First yours Card details are not passed on to the merchant – be it an app or a website. Aside from that, payment processors and other parties cannot access your private card details. Your card transactions are carried out with a uniquely generated code without having to worry about card fraud.
Also, when storing cards on ecommerce sites, you will have peace of mind knowing that only the token is shared with the merchant. Card networks also claim that this will be the case reduce false claims since transactions made with card tokenization indicate high security.
As for the downsides of card tokenization, I don’t think there are any for the end user. Sure, merchants and payment processors need to factor in the RBI guidelines, but other than that, it’s one Win-win situation for consumers.
What is changing for customers?
Nothing changes for consumers. Yes, you don’t have to go the extra mile to tokenize your card through a bank or an app. Similar to how you make a normal transaction, go ahead and do it. Make sure “Back up your card” or “Save according to RBI guidelines” checkbox in the pop-up window you see during checkout on apps like Amazon India, Zomato, Swiggy, Blinkit, and others. This will issue the token for your card and automatically share it with the merchant.
From now on, your card details will be deleted from the merchant’s cloud server and only the token will be stored along with the last 4 digits of the card and your name to identify the end user. From now on, all you have to do is enter the CVV and authorize the transaction with OTP. As you can see, card tokenization has more to do with that Backend of the payment infrastructure rather than the end user.
Card tokenization rollout in India
RBI has been working on card tokenization since 2019 and had decided to enforce it from January 1, 2022. However, due to resistance from merchants and payment processors fearing disruption, the RBI extended the tokenization norms to June 30, 2022. At that time, the RBI again extended the full rollout to July 31, 2022 and now to October 2022. Thereafter, if your card details are not secured in accordance with RBI guidelines, they will be deleted from the merchants’ servers.
Frequently Asked Questions (FAQ)
What is card tokenization in India?
Card tokenization basically replaces your actual card details with a uniquely generated token for online card transactions. It is designed to protect your card details from privacy breaches and online leaks.
What is the last date for card tokenization?
As of now, the last date for card tokenization is July 31, 2022. After that, your card details will be removed from the merchant servers.
Is it mandatory to tokenize your card?
According to RBI, tokenizing your card is still not mandatory. You can tokenize your credit and debit cards as you see fit.
How do you tokenize credit and debit cards?
Simply check the box for “Secure your card” or “Store card in accordance with RBI guidelines” and complete the transaction on any app or website and it will be automatically tokenized. Make sure you make the transaction on mobile phones or tablets.
Is there a fee for card tokenization?
No, there are no fees for tokenizing a card. You can do it as many times as you like.
Why Choose Card Tokenization in India?
So that was all you need to know about credit and debit card tokenization in India. In my opinion, protecting consumers from online fraud and violations is an amazing move by RBI. This will go a long way towards securing credit and debit cards on the internet. Anyway, that’s all from us. If you want to learn more about RBI’s Digital Rupee Initiative, visit our linked explainer. And if you have any questions, let us know in the comments section below.
( Image : Twitter )
|TipsAndTricks.in Home||Click here|