How will RBI’s card tokenization ensure a secure digital payment ecosystem?

Tanya Naik, Head of Omnichannel at Pine Labs, said, “With the growing adoption of digital payments, it is encouraging to see the regulator taking steps to strengthen payment security. Tokenization not only helps make the payment transaction experience more secure for the end user, but also helps merchants deliver a consistent user experience and higher transaction approval rates with speed and security. Plural was one of the first online payment platforms in India to adhere to this mandate and implement card tokenization. To date, Plural has processed over 70% of online volumes, including EMI, via tokens. At Plural, we are keen to solve the problems of omnichannel merchants such as hotels, travel, and endless aisles in retail, and tokenization helps provide a seamless experience.”

“With the growing adoption of digital payments, it is important to protect customer data while enabling seamless transactions. The Reserve Bank of India’s mandate for card-on-file tokenization has focused on building a robust ecosystem to benefit consumers with more secure transactions and merchants with better transaction approval rates. In India, tokenization is a fundamental change that requires all stakeholders in the payments ecosystem – acquirers, issuers, card networks, banks and fintechs, among others – to do their part to help ensure a secure digital payment environment,” said Rishi Chhabra, Country Head and Managing Director, India and Sri Lanka, Fiserv.

According to RBI, “Tokenization refers to replacing the actual card details with an alternate code called the ‘token’, which must be unique for a combination of card, token requester (i.e. the entity which accepts the customer’s request for the tokenization of a card and passes it on to the card network to issue a corresponding token) and device (hereinafter referred to as “identified device”)”.

By initiating a request on the platform made available by the applicant or the token entity, the cardholder can have their card tokenized. A token matching the card details, token requester and device will be issued by the card network, such as Mastercard, Visa, RuPay or American Express, with the approval of the card issuer. Tokenization is the term to keep in mind when it comes to adding more security to your online card payments. According to the RBI, this procedure involves assigning each payment method a special token specific to it. The customer is not required to pay any fees to use this tokenization and detokenization service, which is only possible through authorized card networks. RBI states, “Normally, in a token card transaction, the parties/stakeholders involved are the merchant, the merchant acquirer, the card payment network, the token requester, the issuer and the customer. However, an entity other than those listed may also participate in the transaction.”

RBI says, “The actual card data, token and other relevant details are stored securely by authorized card networks. The token requestor cannot store the Primary Account Number (PAN), i.e. card number or any other card details. Card networks are also mandated to get the token applicant certified for safety and security that conforms to international best practices/globally accepted standards.”

This indicates that online retailers will no longer be able to save your credit card information from tomorrow as they did before. Any number of cards can be requested to be tokenized by a user. The customer can use any card registered with the token request app to complete a transaction, and is also free to set and change daily and per-transaction quotas for token card transactions in accordance with RBI.

HDFC Bank mentioned on its website that “you would have noticed websites and apps giving customers options to save their card details. It made payment quick and easy. As of October 1, 2022, merchants cannot log/store customer card numbers, CVV and expiration date, and any other sensitive card information. It complies with the RBI rule to offer enhanced card security. Secure/Tokenize My Card refers to replacing the real or clear card number with another code called a “token” on online websites/apps.”

Your card information will be invalidated before October 1, 2022 if you have previously saved it on retailer websites or apps. Card tokenization is not required, but without it you will be required to enter all of your card information each time you make a purchase. Once your card is successfully tokenized, you will be able to authenticate your card on the merchant page by entering the last four digits of the card, which is the only information that will be kept by the merchant, rather than all the card details as was the practice before.

RBI states, “Registration of a tokenization request is only done with the explicit consent of the customer via an additional authentication factor (AFA), and not through forced/default/automatic selection of checkbox, radio button, etc. The customer will also have the choice to select the use case and set limits.”

“Registration of a tokenization request is only done with the explicit consent of the customer via an additional authentication factor (AFA), and not by means of a forced/default/automatic selection of checkbox, radio button, etc.”, explains HDFC Bank.

SBI Card mentioned on its website that “RBI has directed payment aggregators, wallets and e-merchants (card transaction/payment chain entities other than card issuers/card networks) not to store any sensitive customer information related to the card, including full card details. Therefore, card numbers may be replaced by “token” as mentioned above. This RBI mandate would come into effect on October 1, 2022. Please be assured that it will not hinder your credit card experience, but will make your credit card transactions safer.”

“Since card details will not be saved from 1 October 2022, you will need to tokenize your card on the relevant merchant’s website or app. You can then continue to make payments without re-entering your card details at that merchant if you have generated a token. If you do not tokenize your card, you will need to manually enter your full card details to complete transactions,” says SBI Card.

“In line with RBI regulatory guidelines, effective October 1, 2022, banks are introducing a tokenization feature for all card users of RuPay/VISA/Master card debit and credit cardholders to improve the security of online transactions. As part of the tokenization feature, neither payment aggregators (PAs) nor merchants can store customer card credentials in their database as of October 1, 2022. All acquirer payment aggregators (PAs)/payment gateways are to replace the card stored on file with tokens and the fundamental purpose of tokenization is to enhance the security of digital transactions,” Union Bank of India said on its website.

“Tokenization is a backend process of replacing credit/debit/prepaid card details with a unique set of characters or a ‘token’. This will secure payments and enable future transactions without exposing sensitive card details. You can tokenize your saved cards, depending on merchants. Merchants may either offer the option to save the card using tokenization while you make a transaction or require you to post a login on their website/app to save your cards using the AFA (Additional Factor Authentication, eg: OTP),” Kotak Mahindra Bank said on its website.

Tokenization, which replaces confidential customer data such as card numbers, CVVs, etc. with computer-encrypted tokens produced by the card issuer or payment network (Visa, MasterCard, RuPay), would increase security and further improve the country’s digital payments ecosystem. Tokenization will speed up customers’ digital shopping experiences while enhancing security and reducing hassle in the checkout process: it will no longer be necessary to repeatedly enter your card information, because once a token has been issued, it can be used for any subsequent payment on the online merchant’s app or website.


Elaine R. Knight