The RBI extended the tokenisation deadline by three months starting July. The extended period may be used to create public awareness about the process of creating tokens and to help stakeholders get ready to handle such transactions.
According to the RBI, “Tokenisation refers to the replacement of actual card details with an alternate code called the ‘token’, which shall be unique for a combination of card, token requestor (i.e. the entity which accepts request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token) and device (referred hereafter as ‘identified device’).”
Currently, card data such as card numbers and expiry dates can be stored by an entity involved in an online card transaction for convenience. However, saving such crucial information increases the risk of card data being stolen or misused.
Earlier, the RBI said, “Given the fact that many jurisdictions do not mandate Additional Factor of Authentication (AFA) for authenticating card transactions, stolen data in the hands of fraudsters may result in unauthorised transactions and resultant monetary loss to cardholders. Within India as well, social engineering techniques can be employed to perpetrate frauds using such data.”
The following are some of the frequently asked questions about card tokenisation:
What is tokenisation?
As per the RBI, tokenisation refers to the replacement of actual card details with an alternate code called the “token”.
What is the benefit of tokenisation?
A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during the processing of the transaction.
How can tokenisation be carried out?
The cardholder can get the card tokenised by initiating a request on the app provided by the token requestor. The token requestor will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device.
Who can perform tokenisation?
Tokenisation can be performed only by the authorised card network, and the list of authorised entities is available on the RBI website.
What are the charges that the customer needs to pay for availing of this service?
The customer need not pay any charges for availing of this service.
What are the use cases (instances/scenarios) for which tokenisation has been allowed?
Tokenisation has been allowed through mobile phones and/or tablets for all use cases/channels (e.g., contactless card transactions, payments through QR codes, apps, etc.).
Is tokenisation of a card mandatory for a customer?
No, a customer can choose whether or not to have his/her card tokenised. Those who do not wish to create a token can continue to transact as before by entering card details manually at the time of undertaking the transaction. (ANI)
With inputs from ANI