Online payment using credit, debit cards will be much safer as your card details will no more be saved on merchant sites like Amazon, Flipkart from January 2022. So there will be no fear of data theft after this implementation.
News Updates is Brought to You by SATiiTV.COM
Till now, merchants and e-commerce entities asked their customers to save card details so that payment for purchases can be made faster. It also increases the risk of data being stolen.
With this changes, it can be avoided as now the Reserve Bank of India is allowing tokenization of cards while making payments.
Reserve Bank of India Mandate For Tokenization
Under this rule, RBI has directed merchants not to store card details in their system from 1st January 2022.
Further, RBI has extended tokenization of card-on-File (CoF) transactions where card details used to be stored by merchants.
In a circular, the RBI said, with effect from 1st January 2022, no entity in the card transaction or payment chain, other than the card issuers and card networks, should store the actual card data. Any such data stored previously will be purged.
Prior to this, the RBI had barred storage of data in March 2020 although, extended the deadline to 31 December 2021.
How Does Tokenisation Work?
Tokenization is the process of replacing the card details with an alternative code called ‘token’. A token is unique for a combination of card, token requestor and the device.
Here, a token requestor is an entity that accepts a request from the customer for tokenization of a card and passes it on to the card network to issue a token.
The same system is also being used in making payments at point-of-sale (PoS) terminals and QR code payments.
How To Tokenize Your Cards?
Tokenisation can be done through mobile phones or tablets for all use cases and channels like contactless card transactions, payments through QR codes and apps.
Now, cardholders can tokenize their cards by initiating a request on the app provided by the token requestor.
Further, the request will be forwarded to the card network by the token requestor with the consent of the card issuer.
It will issue a token corresponding to the combination of the card, the token requestor and the device.
The companies including Visa and MasterCard will act as Token Service Providers (TSPs).
They will also provide the tokens to mobile payments or e-commerce platforms.
So that they can be used for payment for purchases instead of card number and CVV, the three-digit number written on the back of a card.
In the case of digital wallets, when you enter your card details in Google Pay or Paytm, these platforms will ask the respective TSPs for a token. Further, these TSPs will request verification of the data from the customer’s card issuing bank.
Once the verification of the data is completed, a unique code will be generated. It will remain irreversibly linked to the customer’s device and cannot be replaced.
So, whenever a customer uses his or her device to make a payment, the platform will be able to authorize the transaction by simply sharing the token, without having to reveal the customer’s true data.
These tokens can be generated to safeguard payments in mobile wallets and physical or online stores.