RBI Proposes Anonymising Card Details at the Bank Level

Subject :Economy

Section :Monetary Policy

Context:

To further secure online transactions, the Reserve Bank of India (RBI) proposed to allow banks to “tokenise” debit or credit cards. Observing that Card on File Tokenisation (CoFT), which anonymises card details, had so far been offered at merchant sites, RBI proposed bank level tokenisation would enable cardholders to get tokens created and linked to their existing accounts with various e-commerce applications.

What is Tokenization?

Tokenisation refers to the replacement of actual card details with a unique alternate code called the ‘token’.
This token shall be unique for a combination of card, token requester and the device.
Benefits – A tokenised card transaction is considered safer as actual card details such as three-digit CVV and expiry date are not shared with the merchant during transaction processing.
Actual card data, token and other relevant details are stored in a secure mode by the authorised card networks.
Now, for any purchases done online or through mobile apps, merchants, payment aggregators and payment gateways will not be able to save crucial customer credit and debit card details.

How is tokenisation be carried out?

A Debit or Credit card holder can get the card tokenised by initiating a request on the app provided by the token requestor.
The token requestor will forward the request to the card network.
The card network, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device.

How safe is tokenisation?

The token requestor cannot store Primary Account Number (PAN), or any other card details.
Card networks are also mandated to get the token requester certified for safety and security that conform to international best practices/globally accepted standards.
With tokenisation, a card and merchant specific token is generated, which can be used for all online transactions with that merchant.
In case of any data breach or hacking attempt at the merchant’s end, the customer’s card details will be protected.
Further, RBI has emphasised that the integrity of the token generation process has to be ensured at all times.

How did India decide to carry out tokenisation?

The RBI prohibited merchants from storing customer card details on their servers and mandated the adoption of card-on-file (CoF) tokenisation as an alternative.
After multiple extensions, given to the system for a comfortable switchover, the RBI finally implemented these norms.
The central bank was constantly talking to all stakeholders to ensure that the transition to the tokenisation framework was smooth.

Benefits of tokenization in a nutshell:

Largely designed to counter online frauds and curb digital payment breaches, tokenization comes with a slew of benefits. Some of them are:

Enhanced safety and security: Tokens generated will be unique to a single card at a specific merchant and this will take up the overall security of making card-based transactions. It eliminates the risk of storing card details online and ensures the uncompromised convenience of storing customer’s token details on the merchant site.
Quicker checkouts: Tokenized Mastercard will allow the convenience of quick checkouts as one doesn’t need to punch in the card number for each purchase.
No more ‘False Declines’: Many times, legitimate online payments using valid cards are declined on the grounds of the transaction looking like a fraud. With tokenization, this becomes a thing of the past as the usage of tokens for payments confirms security of the highest order.
Easy card management: With tokenization, one can also keep track of all your cards and the merchants they have been tokenized with.
No need for a physical card: With tokenization, one can store a virtual version of one’s card on a smartphone for the days one forgets to carry your wallet.
Added benefits: Tokenization also comes with cashback benefits when secured with platforms like Amazon, Paytm, Swiggy, Flipkart and Phonepay among others.