Card Tokenisation

Table of Contents

As per the RBI, Card Tokenisation refers to replacement of actual card details with an alternate code called the “token”, which shall be unique for a combination of card, token requestor (i.e. the entity which accepts request from the customer for Card Tokenisation and passes it on to the card network to issue a corresponding token) and device (referred hereafter as “identified device”).
Card Tokenisation is required wherever your card details are stored for recurring payments.
It focus on building a robust ecosystem to benefit consumers with more secure transactions and merchants with better transaction approval rates.
Compatibility with Device: Facility for Card Tokenisation will be available for mobile phones, tablets, laptops, desktops, wearables (wrist watches, bands, etc.) and Internet of Things (IoT) devices of interested card holders.
As per the regulatory guidelines of RBI, with effect from 01st October, 2022, Banks introduce tokenization facility for all the card users of both Debit and Credit card holders of RuPay/VISA/Master card to enhance online transaction security.
Under Card Tokenisation facility, neither the Payment Aggregators (PAs) nor the Merchants can store customer card credentials within their data base w.e.f. October 01, 2022.
All the Payment Aggregators (PAs)/Payment Gateway acquirers should replace the stored card on file with tokens and the basic purpose of tokenisation is to enhance security for digital transactions

Card-on-File (CoF)

A CoF transaction is a transaction where a cardholder has authorised a merchant to store the cardholder’s Mastercard or Visa payment details.

Card Tokenisation: Working

Debit or credit card holder can get the card tokenised by initiating a request on the app provided by the token requester.
- A token matching to the card details, the token requestor, and the device will be issued by the card network, such as Mastercard, Visa, RuPay, or American Express, with the approval of the card issuer.
For any purchases done online or through mobile apps, merchants, payment aggregators and payment gateways will not be able to save crucial customer credit and debit card details such as three-digit CVV and expiry date.
Current Status: Close to 35 crore tokens have already been created. In September 2022, 40 per cent of transactions, valuing around Rs 63 crore, were done using tokens.
Potential: During 2021-22, payment transactions carried out through credit cards increased by 27 per cent to 223.99 crore in volume terms and 54.3 per cent to 9.72 lakh in value terms.

Safety and security of card transactions: Tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing.
- Token requestor cannot store Primary Account Number (PAN), or any other card details.
- Customer is not required to pay any fees in order to use this service for tokenization and de-tokenization.
- It is only possible through authorized card networks.
Data Protection: In case of any data breach or hacking attempt at the merchant’s end, the customer’s card details will be protected.
Greater credibility: Only authorized card networks are mandated to get the token request.
- They conform to international best practices/globally accepted standards, for providing seamless and secure payments experience.
Speedy Transactions: Tokenization will speed up customers’ digital shopping experiences and lowering hassle in the checkout process as there will be no longer required to repeatedly enter your card information since once a token has been issued, it may be used for any subsequent payments on the online merchant app or website.