Card Tokenization will impact the future transactions

• Reserve Bank of India has released guidelines on tokenization for various card transactions, including from debit and credit cards.
• A set of rules on auto-debit transactions on cards, another new regulatory framework expected to kick in from 1 January next year will change how you transact online using debit and credit cards.

What is RBI Tokenization?

• Tokenization refers to the replacement of actual card details with a unique alternate code called the ‘token‘, which is unique for a combination of card, token requestor (i.e. the entity which accepts request from the customer for tokenization of a card and passes it on to the card network to issue a corresponding token) and identified device.
• Normally, in a tokenized card transaction, parties / stakeholders involved are merchant, the merchant’s acquirer, card payment network, token requestor, issuer and customer.
• However, an entity, other than those indicated, may also participate in the transaction.

About tokenization-

• It aims at improving the safety and security of the payment system.
• The Reserve Bank had earlier permitted ‘tokenization’ services, under which a unique alternate code is generated for transaction purposes, on mobile phones and tablets of cardholders.
• RBI had issued guidelines on “Tokenization – Card transactions” in 2019, permitting authorised card networks to offer card tokenization services to any token requestor, subject to conditions.
• Prior to the latest circular, the facility was available only for mobile phones and tablets of interested cardholders.
• A tokenized card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing.

Safety and Security of card details-

• Actual card data, token and other relevant details are stored in a secure mode by the authorised card networks.
• Token requestor cannot store Primary Account Number (PAN), i.e., card number, or any other card detail.
• Card networks are also mandated to get the token requestor certified for safety and security that conform to international best practices / globally accepted standards.