Users of debit and credit cards face a number of threats from fraudsters – like skimming, hacking, phishing etc. To make the cards secure and safeguard the card users, the Reserve Bank of India (RBI) has taken several steps over the years with the advancement in technologies and change in modus operandi of fraudsters.
The latest step taken by the RBI in this direction is tokenisation, which seeks to replace the card numbers with tokens.
“Tokenisation is a concept introduced nationwide by RBI to safeguard all card users. RBI had earlier mandated that all cards be upgraded to chip and pin more from the magnetic stripe. RBI also mandated that all cards require OTP for transaction authentication where the card is not physically used which is commonly called “Card not present” transactions. In a recent circular RBI has disallowed using auto-debit on cards for recurring payment transactions. Thus RBI has progressively introduced safety measures to protect card users from potential risks,” said Balaji Jagannathan, Director and Founder, Paycorp.io.
Accustomed to using the card as it is in stores and on online platforms, the existing card users, however, may feel uncomfortable, at least initially.
“Tokenisation of cards is a simple, yet powerful mechanism for customers to transact online using cards safely. Today consumers share their card details with eCommerce portals which these portals store in their entirety. While many of these eCommerce providers store them safely, we have seen that hackers gained access to the card details frequently. Tokenisation provides a standardised safe mechanism where eCommerce providers can use a specific, designated 3rd party to store the card information. Consumers need not provide the full card details to the eCommerce providers anymore. Instead, they can share the corresponding token,” said Jagannathan.
“The eCommerce providers will use the token to retrieve the card information and complete the transaction safely. As a user, it can be quite unsettling to know that your entire card detail is stored across multiple eCommerce servers and it can potentially fall in the hands of hackers or can be misused. Tokenisation provides a big relief to the users from this risk. Now users can be fairly confident that their card information will be stored only with approved 3rd party card tokenisation companies that are specifically regulated and mandated to keep the information safe,” he added.
Due to implementation issues, the RBI had postponed the deadline of the tokenization rollout earlier. So, are the financial institutions and the 3rd party token providers ready now?
“The banks or financial institutions need not make any change to their current processes in order to support tokenisation. The card information storage and access is a matter of interface between eCommerce providers and the 3rd party tokenisation providers. The eCommerce portals need to use the token provided by the user to resolve the card details. Once this is done, the transaction can proceed as normal,” said Jagannathan.
“The financial institutions will not require any change to their IT infrastructure. In fact, our corporate customers as well do not need any change to their IT infrastructure. When the eCommerce provider identifies their 3rd party tokenisation provider, we will do a one-time integration. Once this is complete, the entire solution works seamlessly without any change to the customers’ experience,” he added.
Talking on the role of Paycorp in the tokenisation process, Jagannathan said, “Paycorp works with payment gateway providers that provide card processing services. These gateway providers have made the necessary process changes to resolve token information to card details. So all card payments processed by Paycorp will automatically resolve the token to card information. Our customers will automatically comply with the guidelines.”