The Reserve Bank of India (RBI) recently extended the deadline for the tokenisation of credit and debit cards by another three months from June 30 to September 30 this year.
This means from October 1 onwards, each card user will have an option to create a token which can be used for sending online payments, instead of sharing card details with merchant each time they buy a merchandise online.
It is important to mention that one RBI report noted that there were 7,363 cyber frauds involving ₹one lakh & above amounting to a total of ₹1.38 lakh crore in India in 2020-21.
This is seen as a safe and secure way to make payment and will dissuade customers from sharing their card details at every other merchant and digital payment network.
Some merchants such as Uber, Swiggy, Cred and MakeMyTrip have already started offering tokenised transactions.
The process of tokenisation will soon enable card holders to get their cards tokenised by initiating a request. This request for creating token can be made on the app provided by the token requestor.
This is how a token can be created:
1. Request to merchant: First and foremost, the card user sends the request to create a token with regards to a particular debit or credit card to merchant, say an online marketplace.
2. Card network: After this, the merchant (token requestor) sends the request to the card network. After receiving the consent of card issuer, the token requestor will issue a ‘token’ corresponding to the card.
3. Charges levied? It is imperative to note that the customer does not need to pay any charges for availing this service.
4. Gadgets to use: Tokenisation has been allowed through mobile phones and / or tablets for all cases and channels (these include contactless card transactions, payments through QR codes, apps etc.).
5. Authorised networks: Tokenisation and de-tokenisation can be performed only by the authorised card network. The list of card networks authorised by RBI to operate in India is available on RBI website at this link.
6. Remembering it? Customers don’t need to remember the token details. This is nothing more than a masked identity of your card. So, the card remains important even after a token is created.
Actual card data and token details are stored in a secure mode by the authorised card networks. After token is created, token requestor cannot store card detail on its servers.
Card networks are also mandated to get the token requestor certified for safety and security that conform to international best practices / globally accepted standards.