Indian central bank made ‘tokenisation’ mandatory for online transactions from October 1: Here's what NRIs need to know

Dubai: Although we’ve been hearing much of so-called ‘tokens’, which represent a specific digital signature or asset with no standard value, how it now increasingly benefits the holder to use it for investment or economic purposes is still unclear for most of us.

So in India, when the central bank (Reserve Bank of India or RBI) mandated that ‘tokenisation’ be an option that is compulsorily offered for all credit and debit cards from October 1, it seemed pertinent to Non-Resident Indians (NRIs) as well. But if it does affect overseas Indian expats, in what way?

‘Tokenisation’, as described on the RBI website, “refers to replacement of actual card details with an alternate code called the 'token', which shall be unique for a combination of card, ‘token requestor’, and the identified device.”

Who are ‘token requestors’?
The ‘token requestors’ are the entities that accept requests from customers for ‘tokenisation’ of a card and forward them to the card network to issue a corresponding token.

How does ‘tokenisation’ of debit, credit cards work?

A debit or credit card holder can get the card tokenised by initiating a request on the app provided by the token requester. The token requester will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requester, and the device.

“You might need to allow additional time when making online payments if you don't adhere to the new tokenisation guidelines that the RBI has announced,” explained Jose Paul, an India-based banking analyst specialising in UPI payments, who went on to explain why.

What is UPI?
A Unified Payment Interface (UPI) is a smartphone application that allows users to transfer money between bank accounts. It essentially brings bank accounts into a single mobile application (of any bank), merging several banking features, fund routing and merchant payments under one hood.

“Customers who do not have the tokenisation facility will have to key in their name, 16-digit card number, expiry date and the card’s security code (CVV) each time they order something online. This could be a cumbersome exercise and may impact transaction value, especially when done through stored cards. In case of multiple cards, each will have to be tokenised.”

Are ‘tokenised’ card transactions safe? Is it compulsory?

“These regulations prohibit India-based retailers from keeping a record of your card details when you make an online purchase. To increase the security and safety of the online payment system, the RBI has announced these tokenisation rules,” added Paul.

However, although the RBI has made it compulsory for financial institutions to offer users such an option, using the tokenisation system is completely optional and comes without any strings attached. Nevertheless, experts point out that it does make payments easier while protecting your data.

“A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing,” added Paul. “However, tokenisation is not mandatory. It is your choice to allow tokenisation of your card. Those who don't want to create a token can carry on with their transaction as usual by manually entering their card information.”

How online transactions are made safe through 'tokenisation'

According to the RBI, registering for a tokenisation request can only be done with the direct consent of the transacting customer using ‘Additional Factor of Authentication’ (AFA), not through any other means. Additionally, the consumer will have the option of choosing the use case and creating limits.

What is additional factor authentication?
Additional Factor Authentication (AFA) is a security process that requires users to verify their identities in unique ways to access their bank accounts online. Also known as two-step multi-factor authentication, AFA increases the security of a digital account by using two different pieces of information.

The Reserve Bank of India (RBI) had last year mandated the use of multi-factor authentication for all payment networks. It required them to send a one-time password (OTP) or use a 3D PIN as the second part of the authentication process for any payment, which the customer would receive via SMS.

Additionally, ‘tokenisation’ can be performed only by the authorised card network. Adequate safeguards have to be put in place to ensure that the PAN (permanent account number) cannot be found out from the token and vice versa, by anyone except the card network.
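The vault model described above can be sketched in a few lines. This is an added illustration, not RBI or card-network code: the class name, the random hex token format and the sample card number (called `pan` in the code) are assumptions made for the example.

```python
import secrets

SAMPLE_PAN = "4111111111111111"  # constructed test card number, not a real card


class CardNetworkVault:
    """Toy model of the card network's token vault (hypothetical, for illustration)."""

    def __init__(self):
        self._by_binding = {}  # (pan, requestor, device) -> token
        self._by_token = {}    # token -> (pan, requestor, device)

    def tokenise(self, pan, requestor, device, afa_verified):
        # Registration needs the customer's explicit consent via AFA (e.g. an OTP).
        if not afa_verified:
            raise PermissionError("AFA consent required to create a token")
        binding = (pan, requestor, device)
        if binding not in self._by_binding:
            # The token is random, so it carries no information about the card
            # number; the only link between the two is this vault's table.
            token = secrets.token_hex(8)
            while token in self._by_token:
                token = secrets.token_hex(8)
            self._by_binding[binding] = token
            self._by_token[token] = binding
        # The requestor stores only the token and the last four digits for display.
        return {"token": self._by_binding[binding], "last4": pan[-4:]}

    def detokenise(self, token, requestor, device):
        # Only the network can map a token back to the card, and only when the
        # token is presented by the requestor and device it was issued for.
        record = self._by_token.get(token)
        if record is None or record[1:] != (requestor, device):
            raise PermissionError("token not valid for this requestor/device")
        return record[0]


if __name__ == "__main__":
    vault = CardNetworkVault()
    saved = vault.tokenise(SAMPLE_PAN, "shop-app", "phone-1", afa_verified=True)
    print("merchant stores:", saved)
    try:
        vault.detokenise(saved["token"], "other-app", "phone-1")
    except PermissionError as exc:
        print("replay by another requestor rejected:", exc)
```

A token copied from one merchant's database is useless to another requestor or on another device, which is the practical effect of binding it to the card, requestor and device combination.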

Does this apply to all online transactions made in India? Is there a cost?

“Only domestic online transactions can use tokenisation,” explained Brijesh Meti, a credit consultant based in India. So how does this affect NRIs based overseas?

“This not only affects any transaction that originates in India at online retail outlets, but all transactions done in India with the currency code as INR (Indian Rupees),” added Meti. “So only if an NRI’s India-based bank cards have enabled domestic usage to transact at retail stores, online websites or mobile apps in India, the ‘tokenisation’ option will be enabled.” But is there a cost involved?

No, making use of a ‘tokenisation’ service is not a chargeable affair. Also note that the facility for card ‘tokenisation’ was earlier only available for mobile phones and tablets of interested card holders, but with an uptick in tokenisation volume, the RBI decided to extend the scope of tokenisation to include consumer devices – laptops, desktops, wearables etc.

How can you tokenise your debit and credit cards in India?

Here’s a step-by-step walkthrough on how you can tokenise your debit and credit cards in India:

1. Visit any online store or merchant application to place an order and begin the payment process.

2. Enter your debit or credit card information during the checkout process. Alternatively, select your preferred bank's debit card or credit card from your earlier selected list and enter the rest of the information.

3. Select the ‘Secure your card’ or ‘Save card as per RBI rules’ option, and confirm the transaction by entering the OTP that your bank issued to your email or mobile device.

4. A token will be created and kept in place of your actual card information. Because the card has been tokenised, the last four digits of your saved card will be shown to help you identify it when you return to the same website or mobile app to make additional payments.