How To Tokenise Your Debit and Credit Cards
With the Reserve Bank of India (RBI)'s deadline for card tokenisation ending on 30th September (unless it is extended again), many debit and credit card-holders are worried about making payments online after 1st October. As per RBI's framework for card-on-file (CoF) tokenisation (CoFT), card-holders can create tokens or a unique alternate code instead of card details, which the merchants can store to process transactions in future. However, creating tokens is voluntary for card-holders, and those who do not wish to create a token can continue to transact by entering card details manually at the time of the transaction, RBI clarified.  
 
At present, many entities, including e-commerce players and merchants, store card data like card numbers and expiry dates, citing the convenience and comfort of the card-holder for future transactions. While this practice does render convenience, the availability of card details with multiple entities increases the risk of card data being stolen/ misused. 
 
According to RBI, there have been instances where such data stored by merchants have been compromised. "Given the fact that many jurisdictions do not mandate additional factor of authentication (AFA) for authenticating card transactions, stolen data in the hands of fraudsters may result in unauthorised transactions and resultant monetary loss to card-holders. Within India as well, social engineering techniques can be employed to perpetrate frauds using such data."
 
Tokenisation is the process of replacing a card's 16-digit number on the debit or credit card with a unique alternate card number, or token, which is unique for a combination of card, token requestor (merchant) and device. Tokens can be used for online transactions, mobile point-of-sale (PoS) transactions or in-app transactions. No personal information that can be directly accessed is stored on the token. 
 
To create a token under the CoFT framework, the card-holder has to undergo a one-time registration process for each card at every online or e-commerce merchant's website or mobile application, entering the card details and giving consent to create a token. 
 
This consent is validated by way of authentication through an additional factor of authentication (AFA). Afterwards, a token is created for the card and online or e-commerce merchant. This token, however, cannot be used for payment at any other merchant. 
 
For future transactions performed at the same merchant website or mobile application, the card-holder can identify the card with the last four digits during the checkout process. In short, the card-holder is not required to remember or enter the token for future transactions. A card can be tokenised at any number of online or e-commerce merchants. For every online or e-commerce merchant where the card is tokenised, a specific token needs to be created.
 
Also, remember, if needed, you can delete the token by directly going to the merchant's website or app and deleting the card associated with the token from your payment preferences. 
 
How To Create a Token for Your Debit or Credit Card?
 
1. Open the online application or website for buying groceries, paying bills or ordering food and initiate a transaction.
 
2. While checking out, select your credit or debit card and provide card verification value (CVV).
 
3. Select the check box 'secure your card' or 'save card as per RBI guidelines'.
 
4. Enter the one-time passcode (OTP) received on your mobile number registered with the card-provider.
 
5. Your card details will be saved. You will receive a message mentioning the token code from your card-provider. The next time, you just need to identify your card from its last four digits and carry on with the transaction without remembering the token code.
 
Comments
thankhew
2 months ago
"Tokens are unique for the combination of a card, token requestor (merchant) and DEVICE."
Queries:
a) It means I have to use the same DEVICE (mobile phone/ pc) for transactions as I had used for tokenisation?
b) Do they store the CVV number? If yes, isn't that a huge risk?
RBS
2 months ago
Do I have to have a token for each of my online vendor for each of my card ? For
example, if I have an Axis Bank credit card and I have an ICICI Bank credit card. When I purchase online from a vendor by using Axis Bank CR Card, do I need a separate Tokenisation and when I purchase online from the same vendor using ICICI Bank Cr Card I need Tokenisation of the ICICI Bank Cr Card again?
MDT
Replied to RBS comment 2 months ago
Tokens are unique for the combination of a card, token requestor (merchant) and device. This means you will have to tokenise each card at each merchant separately.
In This GIFT City Story, One More Example of How IL&FS Used Its Partners & Made Them Scapegoats
Sucheta Dalal, 30 September 2022
Now that the Gujarat International Finance Tec-City (GIFT City) is out of the shadows of the beleaguered Infrastructure Leasing and Financial Services (IL&FS), it is finally on its way to achieve a part of the promise showcased at...
No Premature Closure of Senior Citizens' Savings Scheme Account on Death: Govt
IANS 29 September 2022
The finance ministry on Thursday clarified that premature closure of an account under the Senior Citizens' Savings Scheme (SCSS) does not get triggered due to the death of account-holder, but is applicable only when the account...
ED Freezes OctaFx Trading's Bank Balance of Rs21.14 Crore under FEMA
IANS 29 September 2022
The enforcement directorate (ED) on Thursday said it has frozen the bank balance to the tune of Rs21.14 crore of OctaFx and related entities in the case of illegal online forex (foreign exchange) trading through international...
Stock Price Manipulation: SEBI Imposes Rs10 Lakh Penalty on ARG Management Solutions
Moneylife Digital Team 29 September 2022
Market regulator Securities and Exchange Board of India (SEBI) has levied a penalty of Rs10 lakh on ARG Management Solutions Pvt Ltd for indulging in manipulation of the share prices of Nutraplus India Ltd.
 
The order came...
Free Helpline
Legal Credit
Feedback