The Reserve Bank of India (RBI) is now allowing card-on-file tokenization for all e-commerce companies. Under its newly imposed digital payment guidelines, RBI is permitting all card aggregators to offer card-on-file tokenization, acting as Token Service Providers (TSPs).
According to RBI, this drastic change will add safety and security for card data while making card transactions more convenient. In this article, we discuss everything a customer needs to know about card-on-file tokenization and how it will change the way we perceive online payments on e-commerce websites.
What Exactly is Tokenization?
Tokenization is best described as the process of replacing credit/debit card numbers with a unique set of characters, referred to as ‘tokens.’ This ensures that a payment can go through without ever exposing any sensitive information.
How card-on-file tokenization works is best understood through the example below:
- First, a credit/debit card is used on an e-commerce website
- The card number is then passed to the tokenization system
- The system generates a 16-character token that replaces the credentials of the original card
- The system returns the newly generated 16-digit unique number to the e-commerce website
Fact: Before tokenization, reversible cryptographic algorithms were used for encrypting sensitive information.
Latest Enhancement Mandate by RBI
According to the latest enhancement mandate, every tokenization of a card shall be done after taking the customer’s consent with Additional Factor of Authentication (AFA). Furthermore, tokenization shall be facilitated by the TSP alone.
More devices have also been added as token requestors, a role that was earlier limited to mobile phones and tablets. The added devices include laptops, smartwatches, desktops, Internet of Things (IoT) devices, and more.
Reason Behind RBI Enforcing Tokenization
According to the central bank, several merchants store card details (commonly known as card-on-file) for their users. Keeping such sensitive information floating on the internet poses a security threat.
There have been instances in the past of merchants’ information getting compromised. Enforcing tokenization can help minimize these vulnerabilities within the system. It also helps customers pay conveniently.
Tokenization Benefiting Card Payment Networks
Card-on-file tokenization offers added benefits to any card payment network. This newly implemented technology drastically reduces the aggregator’s effort to comply with PCI DSS (Payment Card Industry Data Security Standard) requirements.
While it doesn’t eliminate the process, aggregators no longer need to maintain and validate every compliance requirement. Tokenization also simplifies the aggregator’s effort by reducing the overall number of systems associated with PCI DSS.
What’s in it for the Customers?
As much as we want to talk about the technology involved, it is imperative to understand whether it benefits the customer. Tokenization can bring convenience for customers as well, especially in case of theft or fraud.
This is primarily achieved by generating multiple tokens of the same card for different e-commerce websites. So, even if the security of one website is compromised, cybercriminals will still have a hard time reverse engineering the actual card details.
Furthermore, tokenization can also offer safety for recurring payments, allowing any payment gateway to save cards in the form of tokens.
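The four-step flow described earlier and the one-token-per-website idea can be sketched in a few lines of Python. This is an added example, not code from RBI or any TSP: the TokenVault class, the merchant IDs and the sample card number are assumptions made for illustration.

```python
import secrets

SAMPLE_PAN = "4111111111111111"  # constructed input: a widely used test card number


class TokenVault:
    """Toy Token Service Provider: only this vault can map a token to a card."""

    def __init__(self):
        self.by_token = {}  # token -> (merchant_id, card number)
        self.by_pair = {}   # (merchant_id, card number) -> token

    def tokenize(self, merchant_id, pan):
        """Return the 16-digit token for this card at this merchant."""
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("card number must be 13-19 digits")
        pair = (merchant_id, pan)
        if pair in self.by_pair:  # same card, same merchant: reuse the token
            return self.by_pair[pair]
        while True:
            # Random digits, not derived from the card number, so there is
            # no key or algorithm that turns the token back into the card.
            token = "".join(secrets.choice("0123456789") for _ in range(16))
            if token not in self.by_token and token != pan:
                break
        self.by_token[token] = pair
        self.by_pair[pair] = token
        return token

    def detokenize(self, merchant_id, token):
        """Resolve a token, but only for the merchant it was issued to."""
        entry = self.by_token.get(token)
        if entry is None or entry[0] != merchant_id:
            raise PermissionError("token is not valid for this merchant")
        return entry[1]


if __name__ == "__main__":
    vault = TokenVault()
    token_a = vault.tokenize("shop-a", SAMPLE_PAN)
    token_b = vault.tokenize("shop-b", SAMPLE_PAN)
    print("shop-a stores:", token_a)
    print("shop-b stores:", token_b)
    print("TSP resolves shop-a token:", vault.detokenize("shop-a", token_a))
    try:
        vault.detokenize("shop-b", token_a)  # token leaked from shop-a
    except PermissionError as err:
        print("shop-a token presented by shop-b:", err)
```

Each website ends up storing a different 16-digit value for the same card, and a value taken from one website's database is rejected when presented on behalf of another.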