The Reserve Bank of India – the Apex body of Banks & financial Institutions in late 2021 had published a notification establishing rules for Merchants, Payment Processing Partners, Banks & Card Network Companies regarding the tokenisation of debit/credit cards that were being stored as per the card on file on merchant websites & portals.
The deadline was revised 3 times from 1st January 2022, 1st July 2022 to now 1st October 2022 which now is the day that the Rule has finally gone live.
What was the reason for the RBI to take such a step?
India has always aimed to be a digital economy, with predictions to be a 5.3 Trillion Dollar Payment economy by 2025. Post the ban of 500 & 1000 Rupee Notes in 2016 and the Covid Pandemic in 2020, the use of Digital Payments had a major spike and with that also came an increased risk of Cyber Financial Frauds which had accounted to the value of 5 Lakh Crores in the last 5 years.
The Reserve Bank wanted a method to secure consumer’s financial details like cards which are stored by consumers on merchant sites like Zomato, Flipkart, Microsoft, Google etc for their convenience but would not be compromised incase of a data breach or hacking of these websites.
Hence this was followed by the move of card tokenisation.
What is Card Tokenisation?
let’s take an example to explain the concept of card tokenisation :
- suppose you are a netflix subscriber who has subscribed to a plan of Rupees 499 a month,
- now to pay for this plan Netflix shall ask for your card details i.e. Your Name, 16 Digit Card Number, Expiry date & 3 Digit CVV(4 Digits in case you use American Express),
- once you enter the card details and authenticate the transaction, every month on a specified date Netflix shall auto debit the sum of Rupees 499 from your card.
- also its a notable point that Netflix has the card details stored with them.
- once tokenisation comes into play your 16 Digit Card number, Expiry date, CVV along with your name will get replaced with a Unique token Number, as an example let’s take the token number as 12345678(it can be alphanumeric as well) which would mean that netflix would no longer have your card details, but only the token no 12345678 and your information gets encrypted i.e. stored in the token.
- This would apply to all online merchants where you would be transacting viz Flipkart, Amazon, Zomato, Swiggy, Bigbasket, JioMart etc.
- Unique Token Numbers will be generated on each merchant Website for the same credit/debit card
How Safe is Card Tokenisation?
Since a token number is encrypted and card details are stored within them, it would be conclusive that tokenisation is safe as it would take a lot of time for any hacker to decipher details, another point to add is that each merchant will generate a separate unique token for the same card, hence one can be rest assured that their financial information is safe online.
Is Card tokenisation mandatory?
Card tokenisation is not mandatory for consumers like you and me but is mandatory for merchants to store card details in Token Form only.
Consumers need not opt for the same, however each time card details will have to be entered while a transaction is being made.
What happens to cards already saved at merchant websites?
The RBI order directs merchants to delete all card details that have not been tokenised on or after September 30, 2022. Hence you may find all your saved cards to have disappeared from your favourite online shopping sites.
Impact of tokenisation on Recurring Payments ?
While it is said that tokenisation is not mandatory for a consumer, it will eventually be mandatory for recurring payments on platforms like Netflix, Amazon Prime, Google, Microsoft etc as these platforms work in such a mechanism that payments have to be auto debited via linking of cards, so a consumer will have to tokenize the card in order to avoid service disruption.
How can one opt into the scheme of card tokenisation?
While performing a transaction online, an option shall appear to “Save Card as per RBI Guidelines”, Clicking the checkbox on that option will convert your card into a token and save the same on the merchant website and shall be visible to you on your next transaction with the same merchant.
While most of the Western Countries do not have such strict rules in regards to their financial system, it was an expected move from the Reserve Bank to secure and safe guard the financial position of consumers in India.
While this move is not welcome by many and may tend to cause disruptions with many businesses and consumers, it is the need of the hour in this country where cyber frauds are on the rise.
Do let us know your views in the comments below.