The Reserve Bank of India (RBI) has mandated all credit and debit card information used for online, point-of-sale, and in-app transactions to be replaced with independent tokens and extended the deadline for the task from September 30 to October 1. Although there's over a month left to get used to the tokenization process, it's high time for consumers to understand it.
The tokenization process is set to replace sensitive payment credentials, such as 16-digit plastic card numbers, names, expiry dates, and codes, with a unique alternate card number or token, as instructed by the RBI.
“Tokenization is used for recurring payments or in cases, where merchants have stored the card details for providing a faster checkout experience. It’s a very simple process to tokenize your card,” says Dewang Neralla, CEO (chief executive officer) NTT Data Payment Services India, an end-to-end payment service provider.
The next time you want to use your debit or credit card to make any purchase online or with a merchant, your card details are usually saved with the merchant. In case their security measures are not good, it puts all customers at risk. Due to any reason, if the merchant’s website gets hacked and debit and credit card details are leaked, customers will get into trouble. RBI wants to fix exactly this issue by making card tokenization compulsory; the onus of card security now lies on banks and processors, and not on merchants.
The following process needs to be done with every merchant for each transaction separately.
Currently, it is not mandatory to tokenize your cards. A customer can choose whether to or not to tokenize his/her card. A customer can continue to transact as before by entering card details manually at the time of initiating the transaction if he/she does not wish to create a token.
Tokenization is a major reform that would go a long way in enhancing the security of online transactions. “Once tokenization is implemented, a customer must follow the one-time registration process carefully based on their own decision to whether to store the card or not for every card--whether it's for any subscription payments or even just plain card storage, at every e-commerce or merchant’s website,” says Neralla.