Your debit, credit card payments will soon get a lot safer. Here's how
Industry players say tokenisation will provide a big boost to digital payments.
Indian consumers, who traditionally fight shy of storing their card data on any device or e-commerce website, will find that the new rules permit them to use a bank-issued token (16-digit number) instead of the actual card.
The new rules would offer particular comfort to international travellers. Travel to countries like Thailand has its risks because of their notorious card-skimming syndicates, who skim card data at popular joints like pubs and eateries. Sometimes purchase of niche goods like e-cigarette cartridges, mountain cycle parts, or drones from international websites could prove a costly error as many of these sites have less stringent security compared to Indian sites, which always have the mandated two-factor authentication.
Industry players say tokenisation will provide a big boost to digital payments. “Today, one of the biggest hurdles for lesser known e-commerce sites is how to get the customer to pay on their site, that is, share their credit or debit card information. But once this data is masked, people will have the confidence to shop at lesser-known websites and mobile apps,” says Suresh Rajagopalan, head of payments at FSS, a financial technology company that has a product for banks to issue tokens to their customers.
Tokens also come with very high security features. “Once the token is issued, other than you (the card holder), no one else, including your bank’s employees, can reverse the token to find the original card number,” says Rajagopalan. India’s two major card networks, Visa and Mastercard, already have products for turning account numbers into digital tokens. But RBI’s move will hopefully bring more publicity to this feature and normal retail customers can get their bank to issue them tokens at no extra cost.
A key security aspect of tokens is its dynamic nature. “The 16-digit token in lieu of your debit card will change with every transaction. So far in India most of the innovation was happening around UPI and the IMPS platform, but this is the first major innovation in cards. With encryption and tokenisation, we can expect frauds in the ecommerce space to reduce drastically. The shift to EMV card and pin did reduce fraud on the ATM side, but in the online space, tokenisation is the way forward,” says Deepak Sharma, head of digital, Kotak Mahindra Bank, which has run pilots with tokens.
Wallets like Apple Pay and Samsung Pay, which require storage of card data on mobile devices, might for the first time be able to break into the conservative Indian market with tokenisation, say industry players. “Now, with payment networks being token-agnostic, they can route all transactions be it in card form or tokens,” says Damodharan Sampathkumar, GM in payment solutions company Renovite.