Headlines like RBI releases guidelines for tokenisation can pump the blood in any Indian crypto investor’s heart, including mine. Until you hear the second part – for card transactions.
Nevertheless, for a country moving towards digital economy, this is a step in the right direction. On January 8, 2019, RBI announced tokenisation of card transactions.
Basically, with tokenisation, you will receive a unique 16 digit code for your credit or debit card that can be used for making purchases both online and offline. But the 16 digit token will be different for each combination of card requester, card holder device and the card number itself.
Why is it good? Because you don’t have to risk sharing your actual credit card or debit card details anywhere. Hence, if you want to load money to your PayTM wallet, you don’t have to give your credit card number. Instead, MasterCard, Visa or RuPay can give you a token number for your card to be used PayTM and you use the token to complete the transaction. This token number cannot be used on any other site.
That’s not all. Each token generation event (Pun intended for crypto ICOs) is secured with an additional factor authentication from the card user. You, the card user have to authenticate the request by entering a PIN or password to generate the token.
Security (of) Tokens
Am I intentionally punning everything with crypto terminology? Yes.
Do I enjoy it? Yes.
But the whole thing is that RBI is doing everything they can to protect users from fraud, but have decided that cryptocurrency trading should not be encouraged.
Anyway, talking about the security of Credit Card transaction tokens, it is phenomenally better than storing card details on websites. Currently, most of the online platforms store credit card numbers for quick checkouts. However, if one of these platforms were to be hacked, the credit card information can be leaked.
If there is a token stored on sites instead of actual card numbers, despite the hack, no one could actually use that token. Why? Because the card processors need to verify if the transaction is initiated from the “identified” device – where the token is registered from.
Additionally, only two parties – Credit card issuer and the bank will know the actual credit card number. That reduces the risk of card information theft by a significant margin.
On top of that, customers have the option to choose the use cases for each token and also set a per transaction or daily limit on the token.
Customers will be able to report lost devices that may risk exposing the token details.
Not the First to Market
Tokenisation is used in the US, UK Australia and a few other countries. Both Apple and Samsung allows you to use their Apple Pay and Samsung Pay services using tokenisation.
In India, Samsung Pay works like quite a charm. Apple Pay doesn’t have a footprint. Samsung Pay works in a way similar to the RBI guidelines. The phone holds the token for the card you wish to use. If there is an NFC enabled POS machine, just hovering the phone over the machine is enough to process the transaction. In case, the machine isn’t equipped for contactless transactions, the token number can be manually entered in the machine to process a transaction.
I still prefer UPI over any card transaction honestly.
For honesty sake, I only wrote this article to play with the heading “RBI Releases Guidelines for Tokenisation”. I hope you did learn something new today.
You can join our telegram group and keep the conversation going.
We removed the advertisement to remind you about supporting Coin Crunch India. Donate to Keep News Free from influence, research oriented and exclusive on Coin Crunch India. Click here to Donate.