Home |Business| All You Need To Know About Tokenisation Effective Jan 1
All you need to know about Tokenisation effective Jan 1
The new tokenisation rule, which comes into force from January 1, prohibits all online shopping portals from saving your card numbers, CVV and expiry date in their servers.
Hyderabad: Beginning January 1, if you were to shop online, you should enter the full number, expiry date and CVV of the credit or the debit card every time you make a transaction. The new tokenisation rule, which comes into force from January 1, prohibits all online shopping portals from saving your card numbers, CVV and expiry date in their servers. Banks have been sending messages to their customers to get their cards tokenised.
So far, these details have been saved on the merchant sites like the Amazon, Flipkart or any other e-commerce platform and needed the card user to enter only the CVV and the OTP for the transaction to happen. But if you don’t want to enter the 16-digit number every time you shop online, you can create a token for the debit or the credit card.
So what is tokenisation?
Tokenisation is a process of substituting a sensitive data element with a non-sensitive one, referred to as a token. Token has no exploitable value and is only a reference. Tokenisation of cards means converting the credit or debit card details into a unique token. It masks the true details of the card and therefore reduces the chances for its misuse. This token is unique to a card and a merchant pair. You will the last four digits of your card number.
Use cases
For example, if you have Axis Bank credit card and you register it for use on Amazon. The token can be used on Amazon only for future purchases. If you want to shop on another platform like Flipkart using the same credit card, you have to create another token and this one will be valid only on Flipkart in future. You can tokenise multiple cards with the same merchant or tokenise the same card with multiple merchants. The customers will be free to use any of the cards registered. You will need to enter your CVV and complete the transaction.
Consent
The registration for a tokenisation request is done only with explicit customer consent through additional factor of authentication (AFA) and not by way of forced, default or automatic selection of check box. Once created, the tokenised cards will be used in place of an actual card number for future online purchases by the card holders.
Not mandatory
Tokenisation is not mandatory but makes repeat purchases on the same portal easier. If you do not tokenise, you should enter the 16-digit number, name, expiry, CVV and OPT. The end-customer experience will not change. Tokenisation is free. Also, there will be no change in the way the cards will be used at point of sale terminals as this is only for online purchases. If the card is replaced, reissued are renewed or upgraded, the customers should visit the merchant page again and create a fresh token.
Security layer
There have been instances of data leaks from merchant websites and this tokenisation is a step to enhance the card data security. Conversion of the token back to the actual card details in de-tokenisation. The tokenisation and de-tokenisation are done by the authorised card networks like Visa, Mastecard, American Express, Rupay and the card issuing banks.
Managing cards
Banks will provide a facility to the card holders to view and manage the tokenized cards. Card holders can view or delete the tokens for the respective cards through this facility. Phone banking facility can also be used for managing the tokenised cards.
Reservations
Industry bodies Merchant Payments Alliance of India (MPAI) and the Alliance of Digital India Foundation (ADIF) have voiced concerns over the industry readiness on card-on-file tokenisation (CoF). They have written to the Reserve Bank seeking extension of the December 31 deadline for implementation of card data storage norms.
Now you can get handpicked stories from Telangana Today onTelegrameveryday. Click the link to subscribe.