What is tokenisation?
Tokenization is a process of replacing actual card details with a unique alternate code called the ‘token’. Sensitive customer data such as card number and CVV (card verification value) are replaced with an algorithmically generated encrypted token.
What are the advantages of Tokenization?
Transactions can be done using the tokens without disclosing any sensitive customer details. The customer data will, therefore, no longer be stored with either the merchant or the payment aggregator.
Tokens, if breached, will have little value for hackers since these are randomly generated numbers. RBI has made card tokenization mandatory from 1 January, 2022.
What are the challenges in Tokenization?
First, when cards migrate to tokenization, the credit card EMIs, instant pay-outs, and instant cashbacks may take a major hit.
Second, Tokenization has cost implications, too. Earlier, a simple card transaction used to cost a few paisa, divided among all ecosystem players. The cost for per saved tokenized card will shoot up to ₹6-7. These costs, ultimately, would be passed onto the merchants.
Third, no bank is ready with the tokenization. That leaves everyone in the ecosystem to depend on the network providers—Visa, Mastercard, Amex, Diners, the National Payments Corporation of India (NPCI).
Why EMI’s will not be possible using tokenisation?
EMI is not a payments instrument such as debit card, UPI or net banking. There is no protocol in the infrastructure of card networks such as Visa and Mastercard to label a transaction as an ‘EMI transaction’.
So, when you buy a item and choose EMI on a merchant platform, the payment gateway takes your consent, captures the information but goes ahead processing the transaction like any other credit card transaction.
At the back-end, the payment gateway issues a file that requires your full card number to be sent to the issuer bank and convert the transaction into an EMI. This file processing process is known as the ‘offline EMI model’.
80% of issuers operate in the offline EMI model. So, if we are not able to access the full card number, it is not possible to access the file.
Similarly, there are products like instant payouts and instants cashbacks that require the full card number.