RBI’s Dec 31 deadline on tokenization: What does it mean for you?

  • With tokenization, the entities involved in the transaction do not have to memorize what the card entails on either end since it is converted into a unique ‘token’ that facilitates the payment
  • Tokens and tokenization are terms that have been used often, recently. The Reserve Bank of India brought in CoF (card on file) tokenization guidelines that mandate replacing actual card data with encrypted digital tokens to facilitate and authenticate transactions.
  • Therefore, starting from January 1, 2022, the use of one’s credit or debit cards while shopping on any online platform such as Flipkart, Amazon, Myntra, Nayka etc., will change. One will not have to save one’s 16-digit card number along with the card’s expiry date on the website. As per RBI’s new rules, the only way one will be conveniently making a card payment repeatedly is through the process called ‘tokenization.’

What is CoF Tokenization?

Tokenization is a process that replaces sensitive information with a unique set of characters.

Shailesh Paul – Head, Merchant Sales, Acquiring and Cyber Source, India and South Asia at Visa says, “When applied to payments, tokenization essentially means that the 16-digital card number is replaced by a unique code or ‘token’ – useful for mobile or online transactions. This devaluation of sensitive data that tokenization facilitates, helps to mitigate any risks of security breaches.”

Read More…

[pt_view id=”baa39696xe”]

In March 2020, the RBI said that payment aggregators and their on boarded merchants must not save the card details of users. Therefore, the RBI has allowed card issuers to offer card tokenization services as Token Service Providers (TSPs). This will be facilitated through consumer consent and will require an ‘Additional Factor of Authentication (AFA)’. With tokenization, the entities involved in the transaction do not have to memorize what the card entails on either end since it is converted into a unique ‘token’ that facilitates the payment.

The deadline to align with this mandate is January 1st 2022. Till then, any previous data that has been stored also needs to be deleted.

How Tokenization will benefit consumers at large to adopt digital payments?

Industry experts say tokenization does not affect the payment process or customer experience directly but adds another layer of security to the transactions. It assures that an individual’s sensitive details remain with them while they transact, thereby nullifying all risks associated with the vulnerability of data.

Impact of the deadline of December 31, 2021

Experts say merchants are a crucial part of the transaction chain. “As tokenization comes about, they will have to make an effort to deploy tokenization for their customers. This is a complex task, requiring consent and co-operation from different players who are at varying levels of readiness. There is no change in the processes of chargebacks, disputes and the like, during the migration phase or post-implementation,” says Paul.

Having said that, RBI has mandated tokenization for merchants, not customers. An individual will still be able to choose whether or not they want their cards to be tokenized. Should a customer choose to not tokenize their card, they will have to enter their full card details, CVV and other details every time they make an online or mobile transaction, which will make the process tedious and lengthy. It is so because RBI has also mandated that all card details that had been saved with merchants up until now, have to be deleted.