Pages

0

Tokenization

    

    Most of you would have received SMS from your banks stating that their card details saved on E-commerce portals will be deleted w.e.f 01 January 2022 as per RBI guidelines. 

    Now the question arises "Do we need to enter 16-digits on card all the times we make transaction with it ?" The answer is NO, since the RBI has come up with a Card on File(CoF) tokenization guidelines.

    If you want to make a transaction with debit card / credit card, we have two options now - i) save card details in encrypted form called Token and ii) Enter card details all the times you make transaction with it.

Let us dive into those guidelines and know how the tokenization works.

In Tokenization, there are three parties involved - 

  1. Token Service Providers(TSP)
  2. Token Requestor
  3. Customer / User
    Authorized card payment networks like Rupay, Visa, Mastercard etc. act as Token Service Providers(TSP). E-commerce portals like Amazon, Flipkart etc. act as Token Requestor.


    
    Whenever the customer wants to save card details in E-commerce platform and make a transaction, he needs to details of card like 16-digit number and CVV then the e-commerce platform (token requestor) transmits these details to the Token Service Provider(TSP) to generate a token and displays a window to the user for providing OTP. On successful authentication of OTP, token will get saved and you can make future transactions using it.

    "Token" is a unique code generated by encrypting details of the card by the TSPs. The code is unique per card per Token requestor per device. That means, if you have generated token using laptop then you cannot use such token again while using mobile.


Key Takeaways:
  • Tokenization aims at improving customer data security.
  • Encryption is highly secured that no one can decrypt the token to know details of card.
  • User needs to authenticate by OTP to generate Token as well as while making transaction using it.
  • User will have the option to de-activate the token anytime.
  • User can set transaction limits for the tokens generated.
  • TSPs have the option to generate a token only for the cards issued by them or affiliated to them.
  • TSPs shall get the token requestor certified for Systems including hardware, token storage system, security of application etc.

M P Naveen Chandra

Author pursued the Bachelor of Commerce from Nizam College, Hyderabad. He articulates his interests for informative purposes.

No comments:

Post a Comment