The Reserve Bank of India (RBI) has recently introduced a new feature for card transactions, called card tokenisation, which aims to enhance the security and convenience of customers. Card tokenisation is the process of replacing the actual card details, such as the card number, expiry date and CVV, with an alternate code called the “token”, which is unique for a combination of card, token requestor and device. The token can be used for online, point-of-sale and in-app transactions, without exposing the actual card details to the merchant or any other entity.
How does card tokenisation work?
To avail the benefit of card tokenisation, the customer has to initiate a request on the app provided by the token requestor, which can be an authorised card network or a card issuer. The token requestor will forward the request to the card network, which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor and the device. The customer can then use this token for making payments through various channels, such as contactless card transactions, QR codes or apps. The token can be de-tokenised or converted back to the actual card details only by the same token service provider that issued it.
What are the benefits of card tokenisation?
Card tokenisation offers several benefits for customers, such as:
- Enhanced security: A tokenised card transaction is considered safer as the actual card details are not shared with the merchant or any other entity during transaction processing. This reduces the risk of card frauds, data breaches and identity thefts.
- Convenience: The customer does not need to enter or store the card details repeatedly for making payments on different platforms or devices. The customer can also manage and revoke the tokens issued for different devices or token requestors through a centralised app or portal.
- No charges: The customer does not have to pay any charges for availing the service of card tokenisation.
What are the challenges and limitations of card tokenisation?
While card tokenisation is a welcome step towards improving the security and convenience of card transactions, it also poses some challenges and limitations, such as:
- Customer awareness: The customer needs to be aware of the concept and process of card tokenisation and how to use it safely and effectively. The customer also needs to be vigilant about phishing attempts or fraudulent apps that may try to trick them into sharing their actual card details or tokens.
- Device compatibility: The customer needs to have a compatible device that can support the feature of card tokenisation. Some devices may not have the required hardware or software specifications to enable contactless payments or QR code scanning using tokens.
- Regulatory compliance: The entities involved in card tokenisation, such as token service providers, token requestors, merchants and acquirers, need to comply with the regulatory guidelines issued by RBI from time to time. These include ensuring data protection, customer consent, additional factor of authentication, transaction tracking and reconciliation.
Conclusion
Card tokenisation is a significant innovation in the field of digital payments that can enhance the security and convenience of customers while making card transactions. However, it also requires customer awareness, device compatibility and regulatory compliance from all stakeholders involved. As RBI has made it mandatory for all entities in the card transaction chain to implement card tokenisation by September 30 this year, it is expected that this feature will soon become widely available and adopted by customers across India.