News

Card Tokenisation On Oct 1: Here's A Step By Step Guide To Tokenise Your Cards

With the process of tokenisation to take effect just over a week away, it's high time we understand how to tokenize your debit and credit cards.

Card Tokenisation On Oct 1: Here's A Step By Step Guide To Tokenise Your Cards
info_icon

According to the Reserve Bank of India (RBI) mandate, the process of tokenisation, which would replace all credit and debit card information used for online, point-of-sale, and in-app transactions with independent tokens, is set to come into effect from October 1. With just 10 days from the roll-out, it's important to understand how tokenisation works. 

"Tokenisation will assist banks and merchants to avail more time in educating consumers about the benefits of tokenization, while at the same time it will assist stakeholders in developing the system that will facilitate the service," says Mandar Agashe, managing director (MD), Sarvatra Technologies, a banking technology solutions provider to co-operative banks and fintech companies. 

What Is Tokenisation?

According to the RBI mandate, tokenisation is set to replace sensitive payment credentials, such as 16-digit plastic card numbers, names, expiry dates, and codes, with a unique alternate number or token. 

Tokenisation is used for recurring payments or in cases where merchants have stored the card details to provide a faster checkout experience. "Tokenisation thus adds an extra layer of security to the consumer's card credentials as they are not saved by the merchant. While the practice is not mandatory, it is highly recommended as an essential service that every consumer should avail to protect their data which is otherwise exposed while undertaking a card transaction," says Agashe. 

However, according to experts, if a consumer does not wish to save the card with a merchant, then the consumer has to enter the entire card data every time during the check-out for that particular merchant, which can become convenient. Therefore, tokenisation adds security as well as convenience to consumers. 

How Do You Tokenise Your Cards?

•    Tokenisation is used for recurring payments or in cases where merchants have stored the card details to provide a faster checkout experience. It's a simple process to tokenise your card.

•    To purchase products or services and initiate a transaction, a customer visits an e-commerce or merchant's website.

•    Then select the preferred card options as the payment method and enter all details.
•    If the website wants the customer to store the card details for a faster checkout experience, there will be an option to 'secure your card as per RBI guidelines.' A customer must use this option to securely generate a token and store it as per RBI guidelines.

•    A customer will receive a one-time password (OTP) on the mobile device or email from the card issuer company to complete the transaction.

•    Once the OTP is entered on the bank page, the card details are sent for token generation and transaction authorisation.

•    The generated token is sent back to the merchant, who then stores the token against the customer identification data, for example, mobile number or email address.

•    When a customer visits the same e-commerce or merchant website, the last four digits of the saved card are shown, which helps them to recognize it during the transaction. This means that a customer's card has been tokenised.

•    A new token is generated for every merchant website where the card details are required to be stored.

Things To keep In Mind For Card Tokenisation

"Tokenisation is a major reform that would go a long way in enhancing the security of online transactions. Once tokenisation is implemented, a customer must follow the one-time registration process carefully based on their own decision to whether to store the card or not for every card, whether it's for any subscription payments or even just plain card storage, at every e-commerce or merchant's website," says Dewang Neralla, CEO, NTT Data Payment Services India, an end-to-end payment service provider.