RBI has set a deadline of 31st December 2021 for all the companies accepting digital payments through cards, to accept the payments via tokens. The Good news for banking is that the tokenization of card payments is delayed and the new deadline is not set to 1st July 2022 for all the merchants. This process of accepting the payments is known as RBI tokenization.
What is Tokenization?
In India and around the world people use cards to withdraw money from their bank accounts, make online payments, take personal loans, buy goods on EMI, avail subscriptions etc. In making any online payment wherever a user enters their cards details, the merchants save such details so that on the next due date it becomes easy for the user to make a payment. This became a security threat. The featured image to this article is taken from – M2P Medium
Cards details saved by Merchants such as Amazon | Flipkart | Facebook etc
- Card Holder Name
- Card Company
- 16 Digit Card Number
- Card Expiry Date
- CVV
These details are saved and kept on the merchant’s or digital platform’s servers. RBI asked these companies that all the online card payments should be done via the tokenization method and no financial data should be stored with the merchants. The stored data is a source of all problems. Therefore RBI tokenization was forced on the merchants. The deadline for the RBI Tokenization implementation was kept short and hence all the noise.
Why RBI Tokenization?
A few months ago an incident took place that did not receive much attention. The incident though caught RBI off guard. A payment gateway hack. Mobikwik is a payment portal, that was hacked by some professional hackers and all the financial data like card details were dumped or sold on the darknet. People are unaware, especially the Indian users’ who use cards for online payments.
The fact that most people are already compromised is not brought into the news. The Mobikwik incident exposed the vulnerability of the system and hence RBI saw it fit to provide an additional layer of safety because most of the financial data is out in the open. Therefore the Bhramastra was forged in the form of a Token.
How RBI Tokenization will work?
In order to understand the how of tokenization, we need to first understand the flow of our transactions. There are multiple entities that will interact with our card’s data to generate a token. A token is nothing but a sequence of random numbers.
- We choose to pay a merchant lets say an OTT platform via our credit card to avail a subscription service.
- The first step is we enter our card details.
- These details are verified by the card issuer, which can be our savings bank account or other bank or a card company like master card or visa.
- After approval these details are sent to a card tokenization company that will issue a token by interlinking
- Device
- OTT Platform
- Card Issuer data
The last step that is interlinking is very important a card, a device and a platform token will be only issued when all the three conditions are met during the payment. If you try to use a different device again a new token will be generated.
How will RBI Tokenization impact the users?
An end-user or a customer will feel no change in the services as all the card data on the server of the merchant will be purged and a token will be used instead of that.
Advantages of the RBI Tokenization
- No card data will be stored on Merchants website or server
- Extra layer of security is added to the system
Disadvantages of the RBI Tokenization
- Implementation problem currently there are no Indian companies catering to such a demand.
- Financial Data of the Indian card users will be shared with two different companies.
- Who will bear the cost of this additional layer of security is not clear.
- How will this impact the profitability of banks that is banking sector will be under pressure.
