Are you Tokenized Yet?
When we shop online, say on Amazon / Flipkart, we make payments by using our Debit / Credit Card. We normally enter the card details, including card number, name, expiry date and the three-digit CVV. To make it more convenient for repeat purchases, the seller/merchant asks us for our one-time permission to store the card details on their server. If you give permission, the data is securely stored on their servers, with encryption and masking technology. Now, if their security measures are inadequate or broken-into by a hacker, your entire data, including Card numbers, CVV, etc. is vulnerable and susceptible to misuse, which could lead to a loss upto the value of your card limits.
Tokenization is primarily designed to prevent such online or digital breaches.
At the Merchant end:
- Since October 2022, RBI has mandated that the merchants will not save the customers’ card numbers on their servers. Instead, they will just store a generated Token Number for each Credit Card that they want to be used recurringly on their servers.
- What it means is that a random Token Number will be generated by the system, which will be stored at the merchant end.
- This Token Number will be a unique number which is a combination of the Credit Card Number and the Merchant. So, e.g. if you are shopping on Amazon, your Card will be tokenized and a unique Token Number will be generated.
- This Token Number can only be used to make purchases with that Card on Amazon. It cannot be used on any other merchant website. Hence, a different, unique, Token Number will be generated each for Flipkart, Rediff or any other shopping site.
- Your actual Card details will be held safe in a secure token vault.
- This process will eliminate the possibility of hacking at the merchant end and even if the data is hacked, all that the hacker will receive will be a token number which will be unusable anywhere else and hence will be of no use to the hacker.
- Thus, essentially, your card will have multiple tokens based on the number of Merchants you have tokenized your card with.
For the User:
- As far as the user is concerned, the next time you pay online for something using your Debit or Credit Card, you will be asked if you wish to “Save Card as per RBI guidelines” or “Secure your Card”. If you respond positively, you will immediately get an OTP on your Mobile Number linked to your Card. Once you enter the OTP on the Merchant site, your card will be automatically Tokenized. It is as simple as that!
- You will not have to remember your Token Number, nor will it be displayed to you.
- However, you will still see the last 4 digits of your card at the merchant checkout page.
- You can request tokenization of any number of cards at a merchant website.
- Whenever your card is renewed, reissued or upgraded, you will have to visit the merchant page and create a fresh token by following the same instructions.
- Each card that you have, including Add-on cards will need to be tokenized, since each card has a unique card number.
- If you wish to delete the Token Number already generated at a merchant website, you just need to disable that card at the merchant’s website / app and your token number will be automatically deleted.
- If your card has not been tokenized, it will be automatically removed from apps and websites and you will be required to fill in all your card details every time you transact on that merchant platform.
Tokenized transactions are more secure since the generated tokens are normally not reversible. In encrypted transactions, the process is reversible by decryption using a unique key and decryption is mostly necessary to complete each transaction. It is therefore felt that Tokenization is relatively more secure than encryption.
Thus, from now onwards, you can transact online confidently, with the assurance that your transactions are more secure than before.
Happy Shopping for this festive season!