In September 2021, the Reserve Bank of India announced the introduction of tokenisation to add an additional layer to protect the financial personal data of customers using credit and debit cards.

However, due to challenges faced by the stakeholders concerned with respect to their institutional readiness, the mandate has been postponed a couple of times with the recent timeline being September 30.

Tokenisation will lead to a paradigm change as the personal data saved on merchant platforms and payment aggregator platforms will have to be removed. Instead, payment networks would have to initiate a token number which would hide the 16-digit card number, CVV and expiry date of the customer’s credit and debit cards.

Thus, the merchant platform will not be able to see the customer’s financial personal data and can only view a token number every time a transaction is made.

Big enterprises such as Visa, MasterCard and RuPay have already complied with the RBI’s mandate. From the customer’s side, there will be no requirement fees for opting for tokenisation. If the customer does not want to opt for tokenisation, she will still have alternatives such as Cash-On-Delivery, or filing card details every time she makes an online payment.

Banking institutions need to be ready for tokenisation, followed by payment aggregators, and merchants. There is a need to provide every stakeholder enough time to adopt tokenisation to minimise the disruption caused.

The time factor is particularly relevant to India as most Indians are yet to be integrated in the digital payment ecosystem. For instance, currently thousands of online transactions take place online per second. However, the test runs of tokenisation revealed that one online payment transaction took approximately 7-8 seconds to be completed. Such a huge delay in processing transactions could lead to technical snags and system getting frozen mid-transaction. This could also deter customers from making payments online and force them to revert to cash-on-delivery payments.

Already RBI’s instructions for subscription-based businesses, such as, Netflix, Spotify and Bombay Shopping Company, which prohibit recurring online payments, have confused consumers. It has deterred customers from online transactions given the tedious process of monthly online payments. Similar unpleasant customer experiences are expected to occur if tokenisation is implemented too soon.

For instance, while Linux is the technocrat’s go-to software, the average customer has always preferred IOS due to ease of use. Such experiences are important learnings when it comes to adopting tokenisation.

Also, the current system of tokenisation will only be available for online transactions made on mobile phones and tablets. Keeping a tab on which devices tokenisation can be enabled might be too confusing for people. In the short run, there could be a decline in online digital transactions in tier-two and tier-three cities, especially among senior citizens.

The regulator needs to be sensitive to the requirements of India that has just begun its journey of digital literacy. Tokenisation is indeed the next step in ensuring safety and privacy of a customer’s personal financial data.

However, if the readiness of all the stakeholders for tokenisation is not ensured, it will impact the government’s vision towards creating India a $5 trillion digital economy. One important lesson learnt from RBI’s Standing Instructions (e Mandate) were that no matter how well intentioned a policy mandate is, it should also be looked at in a wider context of the customers’ willingness and readiness.

In this regard, mass awareness campaigns are the need of the hour. Currently only the leading technocrats of the country are aware of this mandate. Tokenisation still needs at least a year of awareness exercises and stakeholder management if its positive impact needs to be realised without disruptions.

The writer is a Development Economist and a former Secretary in the Government of India

Related Topics
comment COMMENT NOW