Do you often get worried about online transactions through a credit or debit card? If yes, you can heave a sigh of relief now. Online transactions are going to be much safer now with the introduction of a new data security process, known as tokenization, by the Reserve Bank of India (RBI).

Tokenisation is a process of replacing the actual details of credit and debit cards with a unique encrypted code known as a ‘token’. The RBI first proposed tokenization in March 2020 and September 2021 before laying the guideline for merchants to adopt the new data management process. The RBI has now extended the deadline for mandatory implementation of tokenization by the merchants till Sep 30, 2022. Let’s look at why did the apex bank introduce tokenization?
 

HOW WILL TOKENISATION WORK?

On the online platform, your card details will be converted into a unique token and will be saved only with one merchant at a time. Instead of saving your actual card details, merchants will now use these unique tokens to process your transactions online through your debit or credit cards to overcome the data safety issues.

WHY DID RBI PERMIT CARD NETWORKS FOR TOKENISATION? 

Soumee Bhatt, General Counsel, BankBazaar.com, explains, “Tokenisation will replace actual card details with an alternate code called the token. The Reserve Bank of India (RB) has issued guidelines for tokenization because it is considered safer as the actual card details are not shared with the merchant when a transaction occurs. Also, it will be more convenient as someone who opts out of tokenization must type in his name, card number, expiry date and CVV every time he processes an online transaction.”

IS TOKENISATION OF A CARD MANDATORY FOR A CUSTOMER?

No, a customer can choose whether or not to let his card be tokenized. He also has the option to register or de-register his card for a particular use, such as contactless, QR code-based and in-app payments.

STAKEHOLDERS IN TOKENISATION TRANSACTIONS 

Typically, in a tokenized card transaction, the parties or stakeholders are the merchants including the merchant’s acquirer, card payment network, token requestor, issuer and customer. However, an entity other than those indicated may also participate in the transaction.

WHOM SHOULD CUSTOMER COMPLAINT?

“All complaints can be made to the card issuers. Card issuers will ensure easy access to customers for reporting a loss of identified device or any other event that may expose tokens to unauthorized usage,” adds Bhatt.
The RBI has ensured that all safety mechanisms are put in place by the card network to ensure that the transaction request only originated from identified devices. Your transactions will be secured in the future as you will no longer be saving actual card details for online transactions.