Article:
The Reserve Bank of India (RBI) recently made tokenisation compulsory for all online, point-of-sale, and in-app transactions made using credit and debit cards. This move, aimed at safeguarding sensitive card information, has brought the topic of tokenisation into focus.
Understanding Tokenisation
Tokenisation is a security measure that replaces original card details with a special, unique code referred to as the ‘token’. Each token is unique to a specific combination of card, token requester (the entity that accepts requests for tokenisation and passes them onto the card network), and device. As such, it significantly boosts security for card transactions.
The Need for Tokenisation
The need for tokenisation arose due to multiple reasons. E-commerce companies like Amazon, Myntra, Flipkart, Bigbasket, etc., tend to store sensitive card information like card number, expiration date, and CVV which, in case their databases are breached, could fall into the wrong hands. Furthermore, the advent of the COVID-19 pandemic has led to an increase in the usage of digital payments, thereby increasing the potential for fraud. The previous Card-on-File system was also deemed outdated and easily compromised, bolstering the need for a more secure system like tokenisation.
Who Can Offer Tokenisation Services?
Only authorised card networks can perform tokenisation. Adequate safeguards need to be in place so that the PAN, among other sensitive data, cannot be obtained from the token and vice versa. RBI emphasizes that the integrity of the token generation process must be maintained always.
Benefits of Tokenisation
Tokenised transactions offer an extra layer of security as the actual card details aren’t shared during transaction processing. Other benefits include facilitating advanced innovations in the payment ecosystem, strengthening trust between customers and businesses, and reducing red tape for businesses. This system results in a smoother and more secure payment experience for all parties involved.
Card Payments in India: Current Status
According to the RBI’s annual report for 2021-22, payment transactions via credit cards grew by 27% in volume terms and 54.3% in value terms during the period. As of July 2022, there were approximately 8 crore credit cards and 92.81 crore debit cards in circulation.
RBI’S ‘Data Diktat’
Previously referred to as ‘Storage of Payment System Data’, RBI’s directives necessitated that all data concerning payment systems must only be stored within Indian systems. However, there was no mention of public sector entities owning and operating these systems. Payment providers were also required to submit a System Audit Report (SAR), mandatorily conducted by CERT-IN empanelled auditors. These guidelines illustrate RBI’s commitment to maintaining the security and integrity of the country’s financial systems.