RBI’s New Initiative On Card Security: Tokenisation
Tokenisation, the act of replacing actual card details with unique digital tokens, has been in the limelight lately after RBI (Reserve Bank of India) announced card-on-file tokenisation or CoF for a more convenient and secure card payment experience. The purpose of tokenisation is to make online transactions more secure and to eliminate the need for entering card details every time a purchase is made.
“The replacement of actual card details with a unique digital token is used for recurring payments or cases where merchants have stored the card details for providing a faster checkout experience,” says Rahul Jain, CFO of NTT DATA Payment Services India.
RBI’s initiative on tokenisation is aimed at disabling card storage at payment service providers’ and merchants’ ends to ensure better security.
What are the steps to tokenise your card? To start, when making a transaction on an e-commerce or merchant’s website, select the preferred card options and enter all card details. If the website prompts you to store your card details, choose the ‘secure your card as per RBI guidelines’ option. Upon completion, a one-time password (OTP) will be sent for verification.
The generated token is sent back to the merchant for storage, and subsequent visits to the same site will show the last four digits of the saved card, indicating it has been tokenised. “A new token is generated for every merchant website where card details are required to be stored. The token is now ready for use in subsequent recurring or express checkout payment transactions,” says a spokesperson from NTT DATA Payment Services India.
When a card is tokenised, the card details are securely stored the bank, not the merchant site. “Upon receiving the token from the credit card issuer and confirming its match with the account number, the bank verifies the transaction,” says Akash Sinha, CEO and co-founder of Cashfree Payments, a payments and banking platform.
Furthermore, RBI has announced that card-on-file tokenisation can now be generated directly at the issuer bank level, allowing users to create tokens through their bank’s app or website. Although it is not mandatory to tokenise cards, customers can choose this option for added security. So, with the recent development regarding tokenisation, the future of online transactions is looking more secure and efficient.