Tokenization is related to digital transactions or a process to substitute storage of card attributes with a token that is a unique blend of card, device, token requestor, etc
In September 2021, the RBI declared the prohibition on merchants holding customer card data on servers to impact from January 01, 2022. The central bank requested merchants to adopt card-on-file (CoF) tokenization as an alternative to saving card data. However, the implementation of these norms was driven out by six months to come into impact from June 30, 2022, which was additionally extended till September 30.
The credit card tokens built as part of the tokenization process will help protect customers’ sensitive information. It will replace the data with a string of algorithmically generated numbers and letters. Merchants and payment gateways will not be permitted access to this data. The issuer and network provider can only access the information for maximum safety.
How does Tokenization secure transactions
In today’s digital age, sensitive information like account numbers, credit card numbers, user addresses, etc., can be stolen online and misused further. By adopting Tokenization, merchants can move data across networks without compromising the security of sensitive customer information.
Although Tokenization was scheduled to be part of a device-based framework, it will be further expanded to include consumer devices like laptops, wearables, desktops, and Internet of Things (IoT) devices. If a user uses their card on a laptop, Tokenization will be specific to the computer. If employed on another device, the token will not be practical. Thus, since CoF data does not operate on another device, the user will have to enter the information again. On the other hand, it ensures the security of transactions. Tokenization may also allow device binding, letting customers use the same token across multiple devices.
Now that tokenization has come into effect, customers can get their cards tokenized when they want to make transactions. From a customer perspective, the Tokenization process does not involve any charges.
Tokenization is not compulsory for card users since they can decide whether to opt for it or not. There is an option of guest login for such cases.
Is Tokenization going smoothly across the Industry?
Even though it has been a few days since Tokenization has been made mandatory across the industry, the payment ecosystem in its entirety is not ready While larger ecommerce platforms have been working on getting their infrastructure ready, with the majority of cards tokenised, we cannot say it’s true for all merchants.
Clarity is needed around recurring payments and EMI based transactions. It is feared that in the absence of adequate testing, digital transactions might fail, impacting consumer sentiment negatively.
As time goes by, merchants hopefully would be able to catch the glitches and strengthen their own systems to provide seamless consumer experience.