What is tokenization, RBI’s new idea for secure online payments that will be voluntary from July 1

New Delhi: In just a few months, paying through your credit or debit card on the portals will likely be very different, sending you on new loops to pay.

From July 1, 2022, to secure online card transactions, the Reserve Bank of India (RBI) mandated all authorized card networks – like VISA, Mastercard, RuPay, American Express, and Discover – to issue tokens against card details for all transactions on an individual. Platform. For the benefit of the user’s safety, their card details would be hidden behind the token and they could transact through it.

This process, which is voluntary in nature, is called “tokenization”. It was supposed to start as early as January 1, 2022, but the central bank has now extended the deadline by six months.

Here is a more in-depth look at various aspects of the new regulation.

Read also : Paytm secures first bullish note from major broker after dismal listing, flurry of bearish views

What is tokenization?

Currently, if you’re shopping online, say, booking a travel ticket, you need to enter your 16-digit credit or debit card details along with your 3-4 digit Card Verification Value (CVV) with of the tour operator.

This data is stored on the tour operator’s website with the authorization of the cardholder, and whenever you go online to make purchases from the tour operator’s portal, you simply provide your CVV and a password to single use linked to your mobile number.

However, this led to cybercrimes. Often, negligently, a user simply gives their details on an unknown portal, resulting in security breaches.

But from July 1, the merchant would be required to issue a token against your card details – the 16-digit card number – through card issuers. This token could then only be used on that merchant’s portal and nowhere else.

How does this help?

Since most financial transactions are online, hackers began to use malware keystroke logging to gain access to a user’s credit card details. So when a hacker sends you a questionable or suspicious link, which takes you to a payment page, they unknowingly install malware on your system and save your card details.

With the introduction of tokens by merchants, only authorized merchants could send you the payment links, which would not ask you for card details but instead display the token issued against that card, thus preventing hackers from accessing one of your financial details.

This token can be registered on the portal server.

What if the merchant’s website is hacked?

Currently, if the site or online portal that you visit for routine shopping is hacked, all of your financial data will be leaked. But with tokenization, that wouldn’t happen.

As part of tokenization, card details are converted into a unique, card-specific token that is registered with only one merchant at a time.

RBI guidelines regarding the process prohibit all e-commerce platforms from registering the card number, expiration date, or CVV on their servers. Therefore, you can get a bank issued token before purchasing any item, and this token can only be used for this portal.

If you make purchases on different portals or use multiple cards on the same portal, you will receive multiple tokens.

Read also : Couple who traveled Indian cities on foot to create MapmyIndia worth Rs 4,400 cr after IPO

How to generate a token on a portal?

From today, after selecting an item and placing it in your cart, the merchant or portal directs you to a payment page, where you are prompted to enter your card details to complete the transaction. .

From July 1, traders would be mandated to offer you the possibility of switching to tokenization. Once you choose this option, the merchant would forward your request to the relevant bank or card network. A token would then be generated and sent back to the merchant, who would keep it registered on their website in your name.

The next time you shop at the same merchant, all you need to do is select the token at checkout.

Is it mandatory to switch to tokenization?

No. The RBI has asked merchants to keep tokenization as an option to make it easier for buyers to shop online, for free.

How secure is tokenization?

In its guidelines, the central bank categorically stated that no entity in the card transaction or payment chain, other than the card issuer such as a bank or the card network, would be permitted to store the data. actual card. It has also instructed all portals, merchants or websites in India to delete previously stored data by June 30, 2022.

Only limited cardholder data, such as the last four digits of the card number and the cardholder’s name, would be stored at the merchant for the purpose of tracking transactions.

The RBI has placed the responsibility for complying with these guidelines on networks and card issuers.

(Edited by Amit Upadhyaya)

Read also : Snapdeal files for IPO amid market rally, forecast to raise Rs 1,250 crore

Comments are closed.