From June 30, no need for Debit or Credit Card details for online shopping as per the RBI new mandate, tokenisation of card is necessary for online merchants such as Amazon, Flipkart, Myntra, BigBasket, Paytm, Zomato to store the card detail otherwise they will not able to store or save your credit and debit card from 30th June 2022, the earlier deadline was 1st January 2022 but RBI extend the deadline to another to six months.
This will change the way you use your card for online shopping and you have to enter all the detail likes 16-digit cards number, name on the card, and CVV detail every time to complete your payments. This becomes a very tedious and lengthy process to memorize all card details and enter every time for shopping. To make this process simple and convenient RBI brings the concept of tokenization of card to make online payment more secure and convenient.
All about tokenisation of card in india, its benefits, charges, uses etc.
- All about tokenisation of card in india, its benefits, charges, uses etc.
- What is card tokenisation?
- Why RBI is going for tokenisation?
- How does tokenisation work?
- Is the Tokensation service is free?
- Does a card have different tokens for different Merchants?
- How to manage my tokens?
- What is de-tokenisation of Card?
- Is tokenisation of card is mandatory for customers?
- What will happen to the token once the card gets replaced, renewed, reissued, or upgrade?
- What will happen after 30th June 2022?
- What are the use case (instances /Scenario ) for which tokenisation is allowed?
What is card tokenisation?
Tokenisation is a simple process of replacing the actual 16-digit card details with a Unique code/token useful for the online transaction. This ensures that the transactions are seamless without exposing the customers’ confidential data and helps to mitigate any risks of security breaches.
The tokens generated through this process are used for online shopping in place of actual card details Thus in the event of any online merchant’s data breach or compromise, the user’s sensitive details will remain protected since they are not shared with an online merchant. According to RBI, all adequate safeguards & measures are put in place so that even if these tokens are leaked during such a data breach, it is not possible to reverse engineer or decrypt them and get actual card details from the tokens or vice versa.
Why RBI is going for tokenisation?
Right now every online shopping websites save your card details on their own server for the name of convenience and comforts, and you just enter CVV detail to complete the transaction. Availability of such confidential data with large numbers of online merchants substantially increases the risk of data being stolen.
In recent days we saw many incidents where users’ confidential data was breached or leaked and sold on the dark web. Besides, you may have also saved your card details on some websites years ago and forgotten all about that. “There is a high chance some of the merchants will not know how to store secure card information,”. Amidst the rise in cases of financial fraud in India RBI adopt the framework of tokenisation, under this framework online merchants will no longer save the actual credit and debit card details of users and also delete all the saved cards details before June 30, 2022, the earlier deadline was 1st January 2022 but RBI extend the deadline to another to six months.
How does tokenisation work?
To tokenise your card details, the cardholder must initiate a request on an online portal like Amazon, Flipkart, Swiggy, etc, or an application provided by the token requestor, which is then forwarded to the card network/Token service providers(TSPs) like Mastercard, VISA, Rupay. The card networks/TSPs will first request verification of the data from the issuer’s bank. When the data has been verified, a unique token/code is generated for a combination of card, token requestor (i.e. the entity which accepts requests from the customers such as Flipkart, Amazon, Zomato), and device (referred hereafter as “identified device”).
Note: It is pertinent to note that tokens are not only linked to the card details and the token requestor, but also to consumer devices.
Is the Tokensation service is free?
Yes, tokenisation of card is absolutely free for any cardholders. the user can request tokenisation for any number of cards. Currently, tokenisation is applicable only to domestic cards only. International cards are not covered under this guideline.
Does a card have different tokens for different Merchants?
As we know a unique token/code is generated for a combination of card, token requestor (i.e. the entity which accepts requests from the customers such as Flipkart, Amazon, Zomato), and device (referred hereafter as “identified device”). For Example, if an HDFC Bank credit card tokenised on Amazon, then, this same card will have a different token on Flipkart different tokens for Grofers, and so on i.e, one card has different tokens for different merchants. However, you needn’t remember or memorize these token linked with the card. You can tokenise the same card with multiple merchants or tokenise multiple cards with the same merchant.
How to manage my tokens?
As per the RBI circular, the card issuer bank will provide a dedicated portal through internet Banking or mobile applications, or at branches, or Interactive Voice Response to manage the list of merchants in respect of whom the CoFT has opted, and option to de-register or delete these token whenever they want.
What is de-tokenisation of Card?
Conversion of the token back to actual card details is known as de-tokenisation.
Is tokenisation of card is mandatory for customers?
No, it is not mandatory, customers can choose whether or not to let his / her card tokenised, but if the customers do not opt for tokenisation before 30th June 2022, users have to enter full card detail CVV each time they make an online transaction, which will make the process lengthy and tedious.
What will happen to the token once the card gets replaced, renewed, reissued, or upgrade?
If your card gets replaced/renewed/ reissued or upgrade for any reason, then simply visit the merchant page and apply for the new token. Because your new card (credit or debit) may come with a different card number and different CVV.
What will happen after 30th June 2022?
As per the RBI mandates, online merchants have to delete all the card details that had been saved until now, from their systems. the customer either enters full card detail for every online transaction or opt for tokenisation.
What are the use case (instances /Scenario ) for which tokenisation is allowed?
Tokenisation has been allowed through mobile phones and/or tablets for all use cases/channels (e.g., contactless card transactions, payments through QR codes, apps, etc.)