Finschool By 5paisa

Finschool

Tokenization – Can It Be A Future For Business Model Platforms?

Tokenization

Tokenization – Can It Be A Future For Business Model Platforms?

The RBI has issued a final circular making card (CC/DC) tokenization mandatory from January 1, 2022. When buying a product online, we are often forced to store our credit or debit card details on the ecommerce platform. To ensure safety of this- RBI issued the guidelines for tokenisation.

What is Card Tokenization?

Card tokenization is a process of substituting sensitive customer data (such as card number, CVV, etc.) with an algorithmically generated token (encrypted) by a token service provider, which could be the card issuer or payment networks. The token flows through the payment system in a secured way without disclosing the customer details or allowing the payment intermediaries (merchants, payment aggregators) to store customer data. This is mainly to ensure customer data safety/security and curb rising instances of fraud/hacks. Any previously stored data (card-on-file) by merchants/payment gateways will have to be erased.

Here’s what happens when a customer uses his card and transacts on a tokenisation-based authentication server:

  • A credit/debit card is used at a POS machine or on an e-commerce market place
  • The credit card number is transferred to the tokenisation system
  • The tokenisation system generates 16 random characters, also called as ‘token’, to replace the original credit card number
  • The tokenisation system returns the newly generated 16 digit random characters to the e-commerce site to replace the customer’s credit card number in the system.

For instance, card number (example): 5931 9212 3933 3391, will be replaced to token number: 4321 2365 4545 2111.

Types of Tokenization

Card-on-File Tokenization or PCI Tokenization-

With this kind of Tokenization, the card number or UPI handle can be saved when you opt in during your payment online for recurring payments. E.g. your favorite marketplaces/OTT subscriptions where you do not enter your payment credentials every time. With this, you can carry out card-not-present transactions. Such tokenization can be carried out by the merchant, payment aggregators, payment gateways or networks like Visa and Mastercard to meet the PCI DSS guidelines. All tokenization options may not be present in all regions, example in India there are restrictions imposed by RBI on the entities which can store/tokenize the payment credentials.

Globally popular OTT platforms and marketplaces like Netflix or Amazon could tokenize your sensitive data. In any case, will still be able to see the last 4 digits of your card, butany other party will only see the tokenized  digits. While globally merchants or marketplaces use their proprietary token mechanism with gradual adoption towards network based tokenization.

Device Tokenization-

 Device tokenization is still at a nascent stage in India yet, waiting for mass adoption. This tokenization is carried out by network providers while the token is saved on the mobile device e.g. Samsung Pay, Apple Pay, Android Pay etc. using NFC or SE technology.

Why Is RBI Enforcing Tokenization?

The central bank said that many entities involved in the card payment transaction chain store actual card details (also known as Card-on-File (CoF)) of its users.

In fact, some merchants force their customers to store card details. Availability of such details with a large number of merchants substantially increases the risk of card data being stolen.

In the recent past, there were incidents where card data stored by some merchants has been compromised/leaked. Any leakage of CoF data can have serious repercussions because many jurisdictions do not require an AFA for card transactions. Stolen card data can also be used to perpetrate frauds within India through social engineering techniques.

How It Helps?

Tokenization as a security enhancement measure is used in many countries, including North America, Asia and selectively in India also. HDFCB, ICICI and SBIC already have the card tokenization system in place for online transactions, while few players have device-based tokenization (SBIC with Samsung) for contactless NFC payments. Instead of creating/using own token generating engine, using the payment networks’ (Visa/Mastercard) engine will be far more cost-efficient and technologically advanced and will have merchant acceptability.

Card tokenization is mainly for online transactions, for which, effective January 1, 2022, customers will have to key-in the card number for the first time (as the stored number will be erased) and complete the transaction via a two-factor authentication. At the back-end, a token would be generated by the merchant with the card issuer/network partner, based on which the transaction will be completed. Next time the customer will see the card payment option with the last four digits of the card and the payment will be completed smoothly as used to happen earlier. However, operational details are still not out, including validity, number of tokens per merchant, refreshment rate, etc.

Impact

Mandatory tokenization of cards and resultant customer inconvenience in the initial phase may deter cardholders from making low-value online card payments and may push them to other payment modes such as UPI and wallets. However, it would alleviate security concerns in online transactions; thus, it will be a long-term positive for the card industry. That said, card companies will have to engage and educate customers while ensuring a smooth tokenization process to protect their share in the payments business.



Related Articles

How can Automation affect the economy (2)

How Can Automation Effect The Economy?



Read More
HOW CAN INVESTORS TAKE ADVANTAGE OF BUSINESS CYCLES

How Can Investors Take Advantage Of Business Cycles



Read More
Why Rupee's Fall To 20-Month Low Should Not Worry You

Why Rupee’s Fall To 20-Month Low Should Not Worry You



Read More

Controlling Emotions While Trading



Read More
SEBI GIVES A POSITIVE NOD FOR LUCRATIVE CHANGES TO IPOs

SEBI Gives A Positive Nod For Lucrative Changes To Preferential Issues



Read More
digital banks

Digital Banks – A New Era Rebooting Banks



Read More
FINANCIAL INCLUSION (2)

Financial Inclusion – Changing The Sector Together Brings Smiles For The Unbanked.



Read More
Is Neo-Banking The Future of Banking

Is Neo-Banking The Future Of Banking?



Read More
NPCI JOINS HANDS WITH AGGREGATORS FOR TOKENIZATION

NPCI Joins Hands With Aggregators For Tokenization Facility



Read More
Rupay v/s Visa- India's Local Rival Raises Concerns for The US Giant

Rupay v/s Visa- India’s Local Rival Raises Concerns for The US Giant



Read More
UPI transactions

UPI Transactions Cross $100bn Mark In October 2021



Read More
Digital Rupee and cryptocurrency - Can They Coexist?

Can Digital Rupee and Cryptocurrency Co-exist?



Read More
cross border payments

What Are Cross Border Payments And How It Is Getting Revolutionised?



Read More
Bad Banks Could Be The Much-Needed Vaccine To Check The Zooming NPA Crisis Amid Pandemic

Bad Banks Could Be The Much-Needed Vaccine To Check The Zooming NPA Crisis Amid Pandemic



Read More
co-lending Model

Can Co-lending Models (CLM) Be The Future Lending In India?



Read More

Points to Remember Before Filing Your Tax Returns on Time



Read More
How Crypto Is Attracting Millenial - Is The Risk Worth It ?

How Crypto Is Attracting Millenial – Is The Risk Worth It ?



Read More
NBFCs To Get Equally Treated As Banks Under Prompt Corrective Action By RBI

NBFCs To Get Equally Treated As Banks Under Prompt Corrective Action By RBI



Read More
India To Witness New Alliances

India To Witness New Alliances



Read More
RBI retail

RBI Retail Direct Scheme- A Significant Milestone In Government Securities Market



Read More

Why A Balanced Advantage Fund Is A All Season Fund?



Read More
account aggregator network

What are Account Aggregators?



Read More