How Tokenization Will Change Your Online Purchase
21 Nov 2022
Making digital payments and paying for your online purchases will be very different from what you have done up until now. This is because, under Reserve Bank of India (RBI) standards, no online platform or payment gateway will be able to save credit card information in its entirety from October 1. This is what card tokenization is. Other aspects of online card transactions will stay the same, and you will still use your credit or debit card to pay for your purchases. So what will actually change, and what is tokenization in practice? Continue reading to learn more.
What is Tokenization of Cards?
To make an online purchase, you typically provide the e-commerce platform with access to your credit card or debit card details: card number, CVV, valid thru date and name. This is incredibly sensitive data, and because it is stored on the platform, it is vulnerable to data loss or leakage.
The Reserve Bank of India has been urging cardholders to undertake tokenization of cards to increase the security of card transactions. Tokenizing credit and debit cards aims to reduce the number of places where your card information might be found.
It substitutes a code known as a "token", made up of highly randomized and encrypted data, for the credit and debit card information. The aim behind card tokenization is to use tokens with randomized numbers and alphabets to conceal card numbers and secure critical consumer data.
What is Digital Token Used For?
The term to bear in mind is “tokenization”, which is the process of giving each payment method a special token that is specific to that online entity. Under the new RBI regulation, tokenization will use a special alternate card number, or "token," in place of sensitive payment credentials such as 16-digit plastic card numbers, names, expiration dates and codes. For example, the result of this conversion for your BoB credit card will be something like “9U4fhwnzj803da1w” for your 16-digit card number.
In effect, online retailers like Amazon, Flipkart, Paytm, and Myntra won't be allowed to keep your card information as they have in the past. Instead, the token is forwarded to the retailer (Amazon, Myntra and the like) by the card network (RuPay, Visa, MasterCard, American Express), which tags it with your actual card information.
The retailer then transmits this token to the card network whenever a payment is required, and the transaction is verified by comparing the token to the saved information. This process is known as the tokenization of card transactions. Other sites can facilitate transactions using tokens, adding an additional layer of protection without disclosing your private information.
Who Can Offer Tokenization Services?
Only the authorized card network can offer tokenization and only that network should be able to recover the original Primary Account Number (PAN). Through any e-commerce platform or merchant website, domestic plastic card users can generate tokens for their credit and debit cards free of charge, which will tokenize their card transactions. In this case, instead of your sensitive card information, a token will be created and saved.
Benefits of Tokenization
Before you shop online, consider the following benefits of card tokenization:
- Customers are not charged for the tokenization of cards, and they are free to use any authorized card to complete transactions.
- Every cardholder should consider mobile tokenization if they are concerned about the danger of fraud. Card tokenization will boost card security by making each card individually identifiable to each merchant.
- With tokenization, any card data will only be accessible to and stored by card networks and banks that issue them.
- Consumers can choose to tokenize payments on any device, including tablets, mobile phones, laptops and wearables (wristwatches, bands).
How are the Tokenized Transactions Processed?
Tokenized transactions are processed in the following way:
- A customer visits an e-commerce or merchant's website to make any purchases or to start a transaction.
- The customer selects the option "secure your card as per RBI rules" to securely generate a token and have it stored in accordance with RBI guidelines.
- The customer will receive a one-time password (OTP) to complete the purchase.
- Once the OTP has been entered on the bank page, the card data is supplied for token generation and transaction authorization.
- The generated token is returned to the retailer, who then saves it against the customer's identity information.
How Will Tokenization Prevent Online Fraud?
For tokenization to function, a credit card's or debit card's 16-digit account number or other sensitive payment information must be replaced with a "token" or stand-in. The vendor never sees the actual credit card number since the confidential data is carefully stored in an encrypted database.
The PAN is not sent during the transaction when using tokenized payments, increasing the security of the transaction. This is tokenization's primary security benefit.
How Does Tokenization Differ from Encryption?
As the name implies, card tokenization consists of converting meaningful data into tokens, which are random strings of characters. On the other hand, through the use of mathematical techniques, encryption converts sensitive or plain-text data into incomprehensible encrypted data known as “ciphertext.”
Tokenization, however, makes it impossible to determine what data a token represents without access to the databases of the token's actual issuer.
Since the real card information is not given to or held by the retailers to complete the transaction, a tokenized card transaction is safer. Tokenization also eliminates the headache of repeatedly entering your whole card information, while keeping the transaction secure.
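The token flow and the contrast with encryption described above, as an added Python example that is not Bank of Baroda's or any card network's code. The `TokenVault` class, its methods and the merchant identifiers are hypothetical, and the merchant check in `detokenize` is an assumed way to enforce the per-merchant binding the article describes; a real vault would also keep the card data in an encrypted database rather than in memory.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # characters a token may contain


class TokenVault:
    """Toy stand-in for the card network's token service (hypothetical API)."""

    def __init__(self):
        self._by_token = {}  # token -> (pan, merchant_id); the only PAN store
        self._by_pair = {}   # (pan, merchant_id) -> token, so a card is tokenized once

    def tokenize(self, pan, merchant_id):
        digits = pan.replace(" ", "")
        if not (digits.isdigit() and len(digits) == 16):
            raise ValueError("expected a 16-digit card number")
        key = (digits, merchant_id)
        if key in self._by_pair:
            return self._by_pair[key]
        # Drawn from a CSPRNG, not computed from the PAN: no key or algorithm
        # turns the token back into the card number, only a vault lookup does.
        token = "".join(secrets.choice(ALPHABET) for _ in range(16))
        while token in self._by_token:  # re-draw on the (unlikely) collision
            token = "".join(secrets.choice(ALPHABET) for _ in range(16))
        self._by_token[token] = key
        self._by_pair[key] = token
        return token

    def detokenize(self, token, merchant_id):
        """Resolve a token to its PAN, only for the merchant it was issued to."""
        entry = self._by_token.get(token)
        if entry is None or entry[1] != merchant_id:
            raise PermissionError("token unknown or not issued to this merchant")
        return entry[0]


def demo():
    vault = TokenVault()
    pan = "4111 1111 1111 1111"  # constructed test number, not a real card
    t_a = vault.tokenize(pan, "merchant-a")
    t_b = vault.tokenize(pan, "merchant-b")
    merchant_a_db = {"customer-42": t_a}  # what merchant-a stores: a token, no PAN
    try:  # a token copied from merchant-a's records is useless to another merchant
        vault.detokenize(merchant_a_db["customer-42"], "merchant-b")
        replay_blocked = False
    except PermissionError:
        replay_blocked = True
    return t_a, t_b, vault.detokenize(t_a, "merchant-a"), replay_blocked
```

Calling `demo()` returns the two merchant-specific tokens, the PAN as resolved for the merchant that owns the token, and whether the cross-merchant lookup was refused.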
Go to your nearest Bank of Baroda branch or visit BOB Financial to apply for a Bank of Baroda credit card or to learn more about the tokenization of cards.