All online purchasing platforms are prohibited from saving your card details, CVV, or expiration date in their systems under the new tokenization rule.
The way you use your credit or debit cards while buying on Amazon, Flipkart, BigBasket, Myntra, and other sites will change on January 1, 2022. On the merchant’s website, you would no longer be required to remember your 16-digit card number and card expiration date. According to the Reserve Bank of India’s (RBI) new rules, the only method to make a card payment repeatedly is through a new procedure known as ‘tokenization.’
What is card tokenization?
When you shop online or book tickets through travel portals, you often save your credit card information. As a result, you won’t have to remember your card information every time you shop. You check out in a matter of seconds after entering the CVV.
That, however, was a dangerous move. Your card information could be stolen if your website or travel gateway is compromised. Furthermore, you may have saved your card information on a website years ago and completely forgotten about it. “There’s a good probability that some retailers won’t know how to store secure card information,” says Razorpay’s CEO and Co-Founder Harshil Mathur.
Then there’s tokenization. This is the process of transforming your card information into a single-use token that is unique to your card and can only be used by one merchant at a time. This code hides the exact details of your card, preventing anyone from misusing it. This token can be saved on the server of the web portal.
The new tokenization rule, which takes effect on January 1, prevents all online shopping sites from storing card numbers, CVVs, expiration dates, and other personal information on their servers. So, before you buy something, you either make a token and save it on the website (for future use) or enter your credit card information every time you buy something online.
“Data leaks from merchant websites have occurred in the past; digital transactions are also on the rise, necessitating increased security.” As a result, this is a preventive measure imposed by the authority in order to improve card data security,” explains Reeju Datta, co-founder of Cashfree Payment.
How does this card tokenization work?
Enter your card details and choose tokenization when checking out on an online shopping platform. It is forwarded to the appropriate bank or card networks by your merchant (VISA, Rupay, Mastercard, etc). Your merchant generates a token and sends it back to you, who saves it for you. Simply choose this saved token at check-out time the next time you go shopping. The identical masked card details and last four digits of your card number will appear. To complete the purchase, you’ll need to input your CVV. Tokenization isn’t required, but it makes shopping more convenient.
“You don’t have to remember the token as a customer.” “While completing the payment, the end-customer experience does not change,” explains Jagdish Kumar, VP Products and Solutions-Digital Commerce at Worldline India.
Also read – Five large-cap funds that outperformed the Nifty 100 TRI
Is the tokenization service free?
Yes, card tokenization is completely free and available to everybody. Tokenization is currently only available for domestic cards. This policy does not apply to international cards. To complete a transaction, you can request tokenization on any number of cards. “If a merchant does not integrate with the card network and bank supplying the cards by December 31, you will have to enter the card data every time,” explains Manas Mishra, Chief Product Officer at PayU.
“Effective January 1, 2022, your HDFC Bank card details held on merchant website/app will be destroyed by the merchants as per the RBI rule for increased card security,” HDFC Bank sent an SMS to its customers. Enter complete card data or choose tokenization to pay each time.” Other banks are expected to send out similar communications to their customers in the coming days.
Does a card have different tokens for different merchants?
One token can only be used for one card and one merchant (online portal). For example, if you have an ICICI Bank credit card that has been tokenized on Amazon, it will have a distinct token on Flipkart. As a consumer, however, you are not required to know or remember the token associated with the card. You can tokenize several cards with the same merchant or multiple merchants with the same card.
What is the best way to manage my tokens?
There is a better approach to manage your tokens if you have many cards and frequently shop online. Let’s say you wish to get rid of some tokens you obtained from a specific website a long time ago. According to Razorpay’s Mathur, an issuing bank would now give a dedicated tokenized card management interface (on its own bank’s website). Simply put, your dashboard will now display you a list of your cards and where you’ve tokenized them (merchants). Delete tokenized cards for websites you don’t visit often.
What will happen to the token once the card gets replaced or renewed or reissued or upgraded?
You need to visit the merchant page and create a fresh token. That is because your new card (credit or debit) comes with a new number and CVV