Continuing with the efforts to improve the safety and security of card transactions, the RBI has permitted card networks for 'tokenisation' to any token requestor i.e. a third-party app provider.
Many of us are not very confident about sharing our credit or debit card number and other card details with others, especially while shopping on the Internet. One of the major concerns among cardholders is about the card number being stored with the merchant payment system.
However, continuing with the efforts to improve the safety and security of card transactions, the Reserve Bank of India (RBI) has permitted card networks such as Mastercard and Visa for ‘tokenisation’ in card transactions to any token requestor, i.e. a third party app provider.
Also Read: Good news for IAS aspirants: General category candidates set to get more chances to crack civil services exam
“Tokenisation is the process of replacing a card’s primary account number (PAN)—the 16-digit number on the plastic card—with a unique alternate code, or “token,” said Mastercard in a statement. Transactions which are Near Field Communication (NFC) based contactless transactions, in-app payments and even the QR code-based payments, will become more secure than before.
How Tokenisation works
Going forward, the 16-digit card number will get ‘masked’ and will not be of any even known to the merchant establishment. What the merchant will store is a ‘token’ created against the card number. Every such token will then be de-tokenised at the card network back end to initiate payments to the concerned merchant.
The card networks such as Mastercard or Visa will approach credit card and debit card issuers such as Citibank, SBI, ICICI bank etc. to add this feature of tokenisation across their cards.
Step 1: Go shopping online and enter the 16-digit card number
For example: 1212 2323 3434 4545
It immediately creates a token number specific to your card number
For example: k#6h7&24!z
Only the token number k#6h7&24!z is stored in the merchant system.
Step 2: The token then goes to the Payment Processor, (card networks) the only readable link in the entire system.
Step 3: The token is de-tokenised and the payment is released to the merchant.
For the present, this facility shall be offered through mobile phones and tablets only. Mastercard adds, “It takes the security of a physical EMV chip and applies it to non-card environments including mobile and internet payments, mobile point-of-sale transactions, proximity payments and in-app purchases etc.”
Before any such token gets created, the mandate for Additional Factor of Authentication (AFA) / PIN entry shall be applicable for tokenised card transactions also, thus giving more control to the cardholder. Tokenisation in all likelihood will eliminate a significant ‘hassle factor’ for cardholders and offers them the choice to make secure digital payments from a variety of connected devices through a tap, touch, or click.