Pre-cum-Mains GS Foundation Program for UPSC 2026 | Starting from 5th Dec. 2024 Click Here for more information
Customers cannot be charged for availing tokenisation service: RBI
News:
RBI proposed no charges from the customer for availing tokenisation service.
Important Facts:
- The Reserve of India (RBI) has allowed all card payment networks to offer tokenisation service without any charges.
- Tokenisation involves a process in which a unique token masks sensitive card details. The token is then used to perform card transactions in contact-less mode at Point of Sale (POS) terminals, Quick Response (QR) code payments, etc.
What is Tokenisation.
- Tokenization is a process through which sensitive information or data is replaced with a unique set of characters that retain all the essential information without compromising the security of the sensitive information.
- In the payments space, tokenization is the process of replacing the 16-digit payment card account number with a unique digital identifier known as a ‘token’ in mobile and online transactions. This token then allows payments to be processed without exposing sensitive account details that could breach security and privacy.
How does tokenization actually work?
- Consumer credit cards come with names, 16-digit personal account numbers (PANs), expiration dates and security codes — any of which can be “tokenized.”
- When a merchant swipes a customer’s credit card, the PAN is automatically replaced with a randomly generated alphanumeric ID (“token”)
- Original PAN never enters the merchant’s payment system. Only the token ID does. The merchant can use this special token ID to keep records of the customer
- This token then gets transmitted to the payment processor who de-tokenizes the ID and authorizes payment.
Advantage:
- Data Security – Tokenization keeps credit card data safe from internal and external threats that can occur during payment processing.
- Credit card tokenization helps online businesses improve their data security, from the point of data capture to storage as it eliminates the actual storage of credit card numbers in the POS machines and internal systems.
- Comfort – Multiple tokens are issued for the same card payment on different platforms that use tokenization.
- So even if a website you use gets breached and the tokens are acquired by the hacker/miscreant, it’s difficult to reverse engineer the actual card number from it as access to the tokenization logic will also be needed.