Credit and debit cards offer exciting discounts, exclusive perks, and lightning-fast payments. But have you ever wondered if entering your card details on shopping websites is safe? Not quite. Therefore, the RBI has introduced tokenised payments.
Here is all you need to know about the RBI tokenisation mandate.
The need for payment tokenisation
If you are an avid card user, the chances are that you have your card information stored on your favourite e-commerce portals. During the checkout process, you can auto-fill it with just a click. While this option is convenient, it poses a security risk. In recent years, there have been countless theft attacks on merchant websites. Hackers have stolen sensitive credit card information, jeopardising the security of thousands of customers.
Concerned about customer data privacy, the RBI has introduced card tokenisation. This new rule of debit and credit card tokenisation is mandatory for domestic purchases and will come into effect from July 1st, 2022.
But what is card tokenisation, and how does it affect you? Let’s explore.
What is card tokenisation?
Tokenised payments are a security measure that has long been on the RBI’s agenda. Under the new credit card tokenisation rules, e-commerce platforms cannot store your card details. These include your card number, name, expiry date, or CVV. Instead, they will only be able to access a ‘token value’ representing your card.
This token value is a random number that has your card number mapped to it. Does this sound familiar? This may remind you of the token system you follow in self-service fast-food restaurants. The server only must read your unique token number to give you your order, and they don’t need to know your name or personal details.
The same is the idea behind the tokenisation of cards by the RBI.
What does payment tokenisation mean for merchants?
When you shop through an app or a website, the merchants facilitate the card payments. So, they store your card details after encrypting them through their own security protocol. However, if their security measures are inadequate, your financial details are at risk. Preventing this is the primary motivation behind the RBI tokenisation mandate.
So, from July 1 onwards, online merchants will have to delete their customers’ debit and credit card information from their records. Instead, this information will be replaced by digital tokens generated as per the RBI’s security guidelines.
By introducing mandatory credit card tokenisation, the burden of security is now on the payment gateways and credit card providers, not on merchants. Thus, the tokenisation of cards by the RBI benefits both the customers and the merchants.
What do customers have to do for payment tokenisation?
The process of tokenising your cards is simple. You just need to consent to an AFA (an additional factor of authentication.) So, the next time you make an online payment using your debit card or credit card, follow these steps:
- Once you select the payment mode as a debit card or credit card, the payment processor will prompt you if you want to tokenise your card. Click ‘Yes’ on the prompt.
- Some payment processors may give you the option, “Save card as per RBI guidelines” or “Secure your card.” Both options refer to card tokenisation. So, select them and click on ‘Save.’
- Then, you will receive an OTP on the mobile number linked to your card.
- Enter the OTP when prompted.
And that’s it. Your card is now tokenised, and all your card details are safe. Now you can go ahead and authorise the payment with your CVV.
How does RBI tokenisation benefit cardholders?
Will the tokenisation of cards by the RBI affect how you make payments? Yes, but only for the better!
- You will enjoy more secure transactions: With tokenised payments, your card details will not be shared with the merchant and will be safe from hackers.
- No, you don’t need to memorise your token number: Once you click on “Secure my card,” the token will be auto generated and saved on the merchant’s website. This is a one-time registration process. This token will be valid for all future transactions, and you don’t have to memorise it for future transactions. You will be able to view the last four digits of your card number during the checkout process for all future transactions on that merchant’s website.
- Tokenisation is free of charge: If you are thinking your card provider will charge any additional fee to tokenise your card, don’t worry. Tokenisation by RBI is completely free of charge and secures your data at no extra cost. Plus, all your credit card and debit card perks will remain the same after card tokenisation.
A word of advice
Credit and debit card tokenisation by RBI is a step in the right direction for promoting customers’ online safety. It is a quick one-time process, costs nothing, and guarantees secure online payments in the future. So, leverage RBI tokenisation as soon as you can and enjoy shopping without any stress.