Raghav and Madhav were in a relaxed mood on a Saturday afternoon and caught up over pizzas and movies on Netflix. An interesting conversation followed.
Raghav: Madhav, I am tired of online and digital transactions. I get notifications of so many declined transactions on my card. It takes me an eternity to subscribe to the annual plan of my favourite overseas magazine. Transactions are disallowed each time I try to pay the subscription amount.
Madhav: I understand your frustration, but don’t blame it on the digital infrastructure. Credit card companies might be cautious in approving transactions to prevent any fraudulent action.
Raghav: But it is really troublesome for those wanting to make genuine transactions; there should be some way to rectify the situation.
Madhav: Hey, there is already a solution to your problem (with an encouraging pat on Raghav’s back). It is called Card Tokenisation. This is a process where the card details are encrypted, and a unique code is generated, for the user to transact with merchants. The payment process is similar with a token but the original card details will not be revealed to the merchant.
Raghav: But does this really serve the purpose? Has this process started already?
Madhav: You see, with increased digitisation and online payments, there has been a rise in fraudulent activity. The tokenisation process is expected to address this problem. Tokenisation adds an additional layer of security. The RBI had previously issued a circular prohibiting online merchants from storing customer card details from June 30, 2022, onwards. That deadline was revised to September 30, 2022. From October 1, consumers must enter card details manually every time.
Raghav: So, how do we tokenise cards?
Madhav: It is simple. Once the cardholder checks out any merchant (e-commerce etc.) website, and enters the card details, he can opt to secure his card. The merchant will make the request for a token from the card issuer.
Raghav: But what benefits do consumers get out of it?
Madhav: As I told you earlier, it adds an additional layer of security as the merchant will no longer be able to store the actual card number; therefore the problem of data loss is taken care of.
Right now, tokenisation is only available through mobile phones and tablets. In case of loss of your mobile phone or tablet, there is the risk that the saved data on the merchant’s website can be misused because the OTP for authentication can also be accessed from the stolen phone. In such a case, the consumer can simply detokenise the card and stay secure.
Tokenisation will also help reduce the number of ‘declined’ transactions you face, as tokenised cards have an additional layer of security and therefore credit card companies will approve the transactions.
Do remember, tokenisation is valid only for active cards. After the expiry of an old card the cardholder must update the details of the new card.
Raghav: But are tokens really effective against data loss?
Madhav: Tokens are not substitutes for your cards. But they provide access to your card details. The token is sent by the merchant to the card network, which matches the token to the card and approves the transaction. Hence, there is negligible scope for data theft.