RBI’s new big move for credit, debit card safety online: No need to reveal card number; How tokenisation will work

By: |
Updated: January 11, 2019 9:57:16 AM

Continuing with the efforts to improve the safety and security of card transactions, the RBI has permitted card networks for 'tokenisation' to any token requestor i.e. a third-party app provider.

credit card payment, RBI, credit card, debit card payment,Tokenisation, NFC, EMVFor the present, this facility shall be offered through mobile phones and tablets only.

Many of us are not very confident about sharing our credit or debit card number and other card details with others, especially while shopping on the Internet. One of the major concerns among cardholders is about the card number being stored with the merchant payment system.

However, continuing with the efforts to improve the safety and security of card transactions, the Reserve Bank of India (RBI) has permitted card networks such as Mastercard and Visa for ‘tokenisation’ in card transactions to any token requestor, i.e. a third party app provider.

Also Read: Good news for IAS aspirants: General category candidates set to get more chances to crack civil services exam

“Tokenisation is the process of replacing a card’s primary account number (PAN)—the 16-digit number on the plastic card—with a unique alternate code, or “token,” said Mastercard in a statement. Transactions which are Near Field Communication (NFC) based contactless transactions, in-app payments and even the QR code-based payments, will become more secure than before.

How Tokenisation works

Going forward, the 16-digit card number will get ‘masked’ and will not be of any even known to the merchant establishment. What the merchant will store is a ‘token’ created against the card number. Every such token will then be de-tokenised at the card network back end to initiate payments to the concerned merchant.

The card networks such as Mastercard or Visa will approach credit card and debit card issuers such as Citibank, SBI, ICICI bank etc. to add this feature of tokenisation across their cards.

Step 1: Go shopping online and enter the 16-digit card number
For example: 1212 2323 3434 4545

It immediately creates a token number specific to your card number
For example: k#6h7&24!z

Only the token number k#6h7&24!z is stored in the merchant system.

Step 2: The token then goes to the Payment Processor, (card networks) the only readable link in the entire system.

Step 3: The token is de-tokenised and the payment is released to the merchant.

For the present, this facility shall be offered through mobile phones and tablets only. Mastercard adds, “It takes the security of a physical EMV chip and applies it to non-card environments including mobile and internet payments, mobile point-of-sale transactions, proximity payments and in-app purchases etc.”

Before any such token gets created, the mandate for Additional Factor of Authentication (AFA) / PIN entry shall be applicable for tokenised card transactions also, thus giving more control to the cardholder. Tokenisation in all likelihood will eliminate a significant ‘hassle factor’ for cardholders and offers them the choice to make secure digital payments from a variety of connected devices through a tap, touch, or click.

Get live Stock Prices from BSE and NSE and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Next Stories
1Finway launches Credit Inclusion Secured Loan to improve CIBIL scores of defaulters
2Good news! Enhanced liquidity, tax incentives make NPS a preferred investment scheme
3Important news for customers of ewallets like PayTm, Mobikwik, others. Big step by RBI to check unauthorised transactions