In order to further strengthen the security of online card transactions, the RBI has mandated tokenisation to card networks. Let’s find out how that will work.
With e-commerce companies stepping up efforts to outdo one another through clever marketing gimmicks, it comes as no surprise that India’s retail e-commerce CAGR is projected to reach 23% in 2021. These days, e-commerce companies offer a host of options for customers to make payments -online wallets like Amazon Pay, PayTM, Netbanking, UPI to cash on delivery.
If you shop on an e-commerce website frequently, to facilitate easier checkout, many of these sites will save your card details. With cybercrime and fraudulent transactions on the rise, many of us may not feel so sure about sharing our Debit or Credit Card details while shopping on the internet. It is for this reason and to further improve the safety and security of card transactions, the Reserve Bank of India (RBI) has permitted card networks like MasterCard and Visa for ‘tokenisation’ in card transactions in India.
For those of us who still don’t know much about tokenisation and how it will improve payment security, here’s everything that you need to know.
What Is Tokenisation?
Think about when you go to an arcade game plaza and purchase tokens to play games. The token represents money and you can use the tokens to play pong, Pac-man, centipede etc. You can’t use the tokens once you step out of the plaza to pay for your cab ride back home though. Tokenisation of cards follows the same principle.
Additional Reading: Are You An Irresponsible Credit Card User?
How Does Tokenisation Work?
Your 16-digit card number will now be replaced by a token – a string of seemingly nonsensical letters and numbers. You can use this token, instead of your 16-digit card number to make payments at point of sale terminals and complete your transactions. So then how will the merchants get paid, you ask? The token will be ‘detokenised’ only when it reaches the final destination – the payment processor following which the card network will initiate payment to the merchant.
How Does Tokenisation Improve Payment Security?
In a typical Credit Card transaction, your Credit Card number is exposed to strangers at several points. For instance, while making a payment for your purchase at the supermarket, a criminal hovering nearby could see your card number, memorise it and then use it on a shopping spree. It’s not uncommon for hackers to skim your data at some point while the payment is being processed. The likelihood for these occurrences is reduced to a large extent in tokenisation. This is because the token is meaningless as it passes through various systems authorising your transaction.
Additional Reading: Credit Cards With ZERO First-Year Fees
The following steps will give you an illustration of how tokenisation works:
Step 1: When you make an online payment for your transaction by entering your 16-digit card number, it immediately creates a token that represents your card number. For e.g.: If your card number is 123 456 789 101 123 899, tokenisation will change it to a token that may look like this: k#p$t^u!z*
Step 2: The token then goes to the payment processor i.e. the card network. Only the payment processor can unlock the token.
Step 3: The payment processor unlocks the token and releases the payment to the merchant
Additional Reading: Spend More On Experiences, Not Material Objects!
How Does Card Tokenisation Help Us?
Tokenisation not only strengthens the security of card transactions but it also works out to be convenient for the users. This is owing to the fact that multiple tokens can be issued for the same card for all the platforms where the card is being used.
In the present scenario, if your Credit Card gets lost/stolen, you will have to immediately call up your Credit Card issuer and once you have the new card, you’ll have to update your payment information on all the entities that have your card data stored. This includes your Amazon, Netflix, Uber, automatic bill payments etc. However, in the case of tokenisation, if your phone gets lost or stolen, you will only need to cancel the token representing your card on the stolen device. There’s no need to cancel the tokens that are linked to your other accounts as they’re different from the one that has gone missing.
Additional Reading: The Best Credit Card For Each Income Group
Data breaches are expensive and cost card network organisations millions of rupees. Tokenisation will help keep hacking and data breach at bay. Tokenisation, for now, will be introduced only for mobile phones and tablets. Also, before any token gets created, card networks will introduce an additional layer of security-an Additional Factor of Authentication (AFA)/ PIN entry that will give more control to the cardholder.
Thinking about how to get additional security until tokenisation materialises? You can use a chip Credit Card that has a PIN. Don’t know where to get them? There are plenty on BankBazaar!