Making payments for your favorite services, ordering a delicious recipe, or get something that was on your wishlist for a long time, from anywhere, even while on the go, is really convenient. But today, it is even more convenient, because we can store all our card details on Paytm, Amazon, Flipkart, Netflix, or on other apps that we use for faster checkouts. But, in the domain of technology, things change very fast, and now, we might see a change in how we do online payments with our favorite apps.
If you follow the news regularly, you might have heard about card tokenization, which will bring about a small yet useful change in the way we do payments with our cards. The Reserve Bank of India, or RBI said, all entities that save card information for checkouts should offer card tokenization to make online payments more secure, and mitigate frauds that take place from time to time as different apps store card information on their servers.
So, today on InkedFreedom, I will try to clear all your doubts about card tokenization in India, its benefits, what’s going to change for you, and other relevant details. So, without any further delay, let’s get started.
Some basics
Before getting started with what tokenization of cards is, and how it will be carried out in India, let’s have a look at, why card tokenization will be important for most users. It is convenient for all of us to save the card details on our favorite merchant sites like Paytm, Amazon, etc., as that enables faster payments by not entering the card details, every time we need to do a transaction.
Entering all the details of a card for payments is a time-taking exercise, and not everybody can memorize the card details, and that’s why saving the card details is really convenient. However, if in the future, some data breach happens with any of the entities that store card details, sensitive user data will be at stake, even though, the possibility of losing the hard-earned money can be ruled out at first glance, because most card networks today require OTPs for authorizing payments. Data breaches are not a once-in-a-blue-moon phenomenon, and in the recent past, we have seen data leaks that compromised credit card details. That’s scary, to say the least.
So, to keep the user details, or precisely, the card details safe, RBI announced that none of the entities will be able to store your card details on their servers, also know Card-on-file (CoF), except the bank that issued the card, which is obvious, or the card network from 1st January 2022. So, the changes are not happening overnight.
Do we have to memorize card numbers from now on?
As the option to save the card details will be obliterated from our favorite websites, you might apparently think, the card details need to be entered every time you want to make a payment. Yes, that is obviously an option, but you have an alternative. This alternative is called card tokenization.
What is card tokenization?
Now, to the most important part of the post, what the heck is card tokenization! Card tokenization will replace your card details with just a piece of number, or an alpha-numeric code, aka. the token that will be easier to remember, at least simpler than remembering the 16-digit card number, expiry date, and the CVV.
What’s going to be different is, in the case of card tokenization, a particular token will be unique to the device that you are using, your card number, and the platform, or entity, where you are using the token.
Let me explain it in simple words. For example, you have an Android phone, and an iPhone, and you have Paytm installed on both devices. Now, you have a single credit card, and if you want to use the same card for use on Paytm on Android and iPhone, the token will be different for both devices. So, if you try to make a payment on Paytm using your iPhone, the token that you will use will be different from the token that you will use for using Paytm on your Android. But in both cases, it will refer to, or the amount will be debited from the same card.
It is like having two keys with two different persons for the same lock, with some additional biometric factor authentication, which means you cannot use the other person’s key to unlock, and vice versa.
How to get a token?
Now, the question is, how can you get a token! The token will be issued by a card network, and you can use some sort of app or service, which RBI will announce in the future, obviously before 1st January 2022 to guide you in the process of getting a token for the device that you are using.
You can get a token for payments for all modern devices, like, smartphones, tablets, laptops, smartwatches, other wearables, and IoT devices that support payment activites.
Why tokenization will be more secure?
Well, in the case of tokenization, the entity through which you are making payments, like Paytm, Amazon, etc., will only know the token, also known as Card-on-file-tokenization (CoFT), instead of the actual card details, to accept payments. So, even if they store the token on their servers, the actual card details are never shared. The token will just be used to get authorization for payments from the card network, and the financial institute, or your bank.
Besides the token, additional factor authentication or AFA will also be mandatory to authorize payments, and thus, you will still get OTPs just before the amount is deducted, or for authorizing a transaction.
Even if some data breach happens, just the token will be compromised. As the token is tied to your device, no other person can use the same token for transactions. This will also reduce fraudulent transactions, as even if somebody gets access to the token, and try to do payments on their device, the token that is tied to your device will be of no use.
Will the process of tokenization require charges?
The process of tokenizing a card or vice versa will be completely free of cost, as per RBI. Furthermore, there will be no limit on the number of cards that can be tokenized. So, if you want to tokenize multiple cards on all the supported devices, you are free to do so without any charges at all.
Will tokenization be mandatory for customers?
No, tokenization is optional. You may not go for tokenization services if you don’t want to. However, if you do not opt for tokenization, you will have to enter the card details every time, as the privilege to store card details on merchant websites or apps will no longer be there.
Can transaction limits be set on tokenized cards?
Just like other cards, transaction limits can be set with tokenized cards too. However, you might need to use your bank’s or some app specified by your card network to be able to set limits for different payment modes supported by the card. You can also set limits for payments on different apps and websites if that is supported. If you have already set limits on your card for different types of payments, all such limits will be applicable even after tokenizing your card.
So, those were some basics about the tokenization process of cards. Do you have any other questions in your mind? Feel free to comment on the same below, and I will add the same to the list of questions.
Comments
Post a Comment