DNA Explainer: How new RBI rules for card payments will protect consumers from fraud

Earlier this week, the Reserve Bank of India (RBI) extended the scope of tokenisation to bring in consumer devices like laptops, desktop computers, IoT devices and smart wearables.

Available on for mobile phones and tablets of card holders interested in the service till now, RBI decided to expand the scope after witnessing an “uptake in the volume of tokenised card transactions” in recent months.

With the extension of the rule, authorised card networks can now offer card tokenisation services to any card holder that requests for it, under RBI’s guidelines.

Tokenisation – Card Transactions: Permitting Card-on-File Tokenisation (CoFT) Serviceshttps://t.co/7K83bKrWDI

— ReserveBankOfIndia (@RBI) September 7, 2021

The step was taken by the apex bank after a review of the framework and feedback from keeping in view stakeholders.

Tokenization makes card transactions not just convenient for the users but also ensures security and safety by giving maximum protection against theft or fraud.

What is tokenization?

The process of tokenization essentially replaces the details of your card with a ‘token’ i.e., a unique combination of characters that will enable the processing of a card payment without requiring to exposing any sensitive account details to potential breach of security.

When making a credit card payment at a POS machine or e-commerce platform, a 16-digit random ‘token’ with replace the actual number of the card.

Generally considered a safer bet, tokenisation removes the need too share actual details of a credit or debit card with a merchant for transaction.

What does this mean for consumer convenience and safety?

Token Service Providers (TSPs) can offer the service only after explicit content of the customer. This will require an Additional Factor of Authentication (AFA).

Tokenisation will mitigate the risk of consumer information leaking from a merchant’s database. Merchants not storing actual card data of clients while onboarding them will minimise vulnerabilities in the transaction process.

The process will be convenient for customers as they won’t need to remember all the details of their credit or debit card. Tokenisation also offers convenience in the case of recurring payments.

What happens in case of a fraud?

In case of a fraud or theft, a hacker will not be easily able to derive the information of a customer from a token as reverse engineering a token to the actual details of the card would be tough.