Given security concerns, the Reserve Bank of India(RBI) has proposed some changes in how we use debit/credit cards while shopping from e-commerce sites.
Introducing the new process called ‘Tokenization,’ Rbi has said that this process will reinforce the safety and security of the card data while using the cards conveniently like before.
According to the new digital payments guidelines, RBI has allowed card networks/aggregators to offer tokenization services as Token Service Providers (TSPs).
Now you might wonder what this tokenization process is and how it will provide more security?
And who can issue these tokens?
And do we have to enter all the card details again and again while shopping online?
Don’t worry; we are here to answer all your questions. So jump right into the article to know more.
What is tokenization?
E-commerce giants like Amazon, Myntra, Flipcart, Bigbasket, etc., ask you to save your card details every time you shop with them.
The card data like card number, expiration date, and CVV get stored in these companies’ databases.
But if the databases get hacked, it poses a real problem as all the card data will become easily accessible. But what if there is a safer way? Enter Tokenization
Tokenization is the process of converting your card details into a unique token that is specific to your card and only to one merchant at a time.
This unique token hides all your card details so that no one can misuse them. You can save this token on the online server and make repeated transactions by just entering your CVV without entering your card details again and again.
This rule comes into effect from January 1st, 2022, and all e-commerce websites cannot store your card details.
How does this card tokenization work?
When checking out in an online shopping portal, you can enter your card details and opt for tokenization.
The merchant will forward the token request to the respective bank or the card network. A new token unique to the card and the merchant is generated and sent back to the bank/card network.
You can save this token for future use, i.e., whenever you shop on the portal, you can use the saved token option and enter the CVV of your card and complete the transaction.
And if you choose not to use the token, you will be needed to enter all the card details again in the next transaction.
History of Tokenization:
The main idea of a token was to replace sensitive user data with non-sensitive digital data. Tokenization was introduced in 2001 by TrustCommerce to protect its users’ credit card information.
The system that TrustCommerce developed was to replace the primary account number(PAN) of the customer with a random number called a token. Users could make the transaction by referring to this token every time.
Tokenization vs Encryption:
Tokenization and Encryption are both used for securing the data. But, is there any difference between the two of them? Yes, the cryptographic methods used on the data are different in each case.
Encryption changes the length and data type of the data that is secured while tokenization does not. Encryption converts the data into an encrypted message which can be decoded with the use of a key.
Tokenization is an irreversible process.
Once the data is converted into secret data, it is non-decryptable. Tokenization is a cost-effective and more secure option than encryption.
Is this tokenization service free?
Yes, the tokenization process is free for all users. You can avail tokens for any number of cards for transactions.
The rule applies to only domestic cards; this guideline does not yet cover international cards.
But there is a catch here if the merchant has not integrated his website portal with the card/bank network by the end of December 31st, 2021, you would have to enter the card details every time you purchase with the merchant.
Why are these changes necessary?
The COVID-19 pandemic has pushed drastic changes into the digital economy. With more and more customers and merchants adapting to digital payments, it is now more important than ever to tighten security.
With an average of 6 billion transactions happening every month, fraud could also grow proportionally if not taken care of.
This fraud can be a huge threat to the entire country’s financial system. From 2019 to 2020, card fraud has increased by 14% CAGR, while in the last three years has increased by 34%.
The current card-on-File system is not enough as it can be easily breached, and the data can be stolen.
So to take care of the security concerns, RBI has come up with the Tokenization system, which guarantees that the customers’ details cannot be breached and cannot be misused by anybody.
Will the customer experience be affected?
Third-party payment aggregators have had the problem of security in the past, which led to hacking and data loss.
But with the new tokenization process, whether you use the card for an in-store or online purchase, the card details are transferred to the card issuer or the card network system, which generates tokens for the transaction.
This way, the card details cannot be misused under any circumstances.
The experience from the customer’s end will remain the same and won’t make much of a difference.
Advantage of tokenization:
All the payments have to follow PCI DSS(Payment Card Industry Data Security Standard), which is a security standard.
Tokenization complies with PCI DSS and makes sure you have a safe and secure transaction every time.
If you are an e-commerce business owner and have collected large amounts of user data. If hackers breach this data, you must take sole responsibility for it. Instead, tokenization helps you reduce risk, which is safe for you and the customers.
Customer loyalty and trust:
Customers want security and safety with their online transactions.
With online fraud increasing day by day, it is now more than important to provide customers with safe and secure transactions and win their loyalty. Tokenization helps e-commerce businesses build trust with customers.
Tokenization drives innovation:
Tokenization paves the way for advanced innovations in the payment ecosystem. It has become the cornerstone for payments, whether in-store, online, or through mobile wallets.
Tokenization gives salient advantages to e-commerce businesses like compliance, risk reduction, customer loyalty, and trust, and it also drives innovation.
This will further protect Indian consumers from card fraud and strengthen the e-commerce system moving forward.
Let us know if you have any questions in the comments below.