Often when you shop online, you’re requested by the merchant – who could be an ecommerce website or an app – to store your credit card details on their file. This allows you to complete your shopping quicker the next time you transact there. But if the merchant has info-security vulnerabilities, their servers can get hacked, and sensitive card information such as your card number, CVV, expiry date etc. may get leaked and be used to make fraudulent transactions from your account.
With tokenisation, your data remains safer. Your sensitive data is replaced by a 16-digit token number linked to your card and can be used to complete your transaction. The merchant can save this token number on their website.
Even if this number is compromised in a data breach, it cannot be used to complete unauthorised transactions. Therefore, tokenisation helps safeguard your sensitive card data and allows you to transact with your card without actually presenting it.
For consumers, tokenisation provides a greater degree of data safety without any difficulty in transactions. When a card gets misused, banks can move quickly to block it and issue a new card. This carries a cost to the bank. For the consumer, it’s also a painful process because the new card will require setting up fresh payment mandates in any place the older card was used. With tokenisation, the incidence of card fraud can be checked, and therefore the need to replace cards would fall.
Similarly, data breaches are problematic for merchants as well. If an e-commerce website gets hacked, its credibility suffers, and consumers will trust it less for future transactions. But if the data is secured through tokenisation, the merchant can also rest easy.
The Reserve Bank of India (RBI) has allowed card issuers to offer card tokenisation services as Token Service Providers (TSPs). The TSPs can take the consumer’s explicit consent via Additional Factor of Authentication. After this, the consumer will get a tokenised number to use for transactions instead of sensitive card data. Customers can decide if they want their card to be tokenised or not.
Our current understanding is that each transaction will require a fresh token. Generating the tokens are not expected to be cumbersome for the customer. However, operational details need to be rolled out by card providers. Consumers can look out for these details to understand how they’ll be able to tokenise their card details for safer transactions.
The Reserve Bank of India (RBI) recently said no associated entity involved in the payment process, apart from banks and card issuers, will be allowed to store sensitive user data from January 1, 2022. Any such data saved by the merchants or payment aggregators will be removed by the set deadline.
(The author is CEO – Bankbazaar.com; views expressed are personal)
Download Money9 App for the latest updates on Personal Finance.