DailyPost 2199

The assurance of security provided by all companies in the trade turns out to be a whimper when it comes to a leak or breach of databases. More often than not, we have been made to believe that the data leaked is inconsequential and would not impact the customer / user. Uber has been the most recent example. The caveat to leaks is that more often than not they don’t see the light of day. The customer is mostly in the dark. The moral of the story thus is that security needs to improve at the protocol / platform level, rather than being left to self-regulation or to the half-baked current operational systems.

Tokenisation is thus the way forward in the world of digital transactions. Tokenisation rules have kickstarted from 1st Oct 2022 in India. What is tokenisation? Tokenisation is the process of replacing card details with an alternate code called the “token.” The current RBI directive would turn out to be the game changer in the field of digital transaction security. RBI has made it mandatory for all credit and debit card data used in online, point-of-sale, and in-app transactions to be replaced with unique tokens.

The additional layer being added by way of tokenisation is expected to enhance users’ digital payment experience. RBI has been strict with the guidelines, though it pushed the deadline a few times for a smooth transition. The additional time enabled the stakeholders to get the industry ready for handling tokenised transactions. On the eve of the guidelines coming into force, tokenisation of 35 crore cards was complete. This was up from 19.5 crore created till June. The current digital transaction scenario is both intriguing and scary. Currently, “many entities, including merchants, involved in an online card transaction chain store card data like card number, expiry date, etc. (Card-on-File, CoF) citing cardholder convenience and comfort.”

While this exercise may create some convenience, the availability of card details with multiple entities increases the chances of hacks, leaks, and even misuse. There have been any number of instances of data stored by merchants being compromised. Many jurisdictions don’t allow Additional Factor of Authentication; stolen data can find a variety of ill uses. Social engineering can lead to further damaging results. The change is welcome and perceivable. The token request is made by the cardholder, and the token is then issued with the consent of the card issuer through the card network. The token corresponds to a combination of the card, the token requestor and the device. Tokenisation can be performed by an authorised card network. The list of such authorised networks is available on the RBI website. There is no payment for the service. As of now tokenisation is not mandatory.
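The binding of a token to the card, the token requestor and the device can be sketched as below. This is an added example, not code from RBI or any card network; the class, the merchant and device names, and the test card number are constructed for illustration, and a real token service is far more involved.

```python
import secrets

class TokenService:
    """Simplified model of a card network's token service (hypothetical names)."""

    def __init__(self):
        self._vault = {}    # token -> (card number, requestor, device)
        self._issued = {}   # (card number, requestor, device) -> token

    def tokenise(self, pan, requestor, device, issuer_consent):
        # A token is issued only with the consent of the card issuer.
        if not issuer_consent:
            raise PermissionError("card issuer did not consent to tokenisation")
        binding = (pan, requestor, device)
        if binding in self._issued:
            return self._issued[binding]
        while True:
            # Random surrogate with no mathematical link to the card number.
            token = "".join(secrets.choice("0123456789") for _ in range(len(pan)))
            if token != pan and token not in self._vault:
                break
        self._vault[token] = binding
        self._issued[binding] = token
        return token

    def detokenise(self, token, requestor, device):
        """Return the card number only for the binding the token was issued to."""
        binding = self._vault.get(token)
        if binding is None or binding[1:] != (requestor, device):
            return None
        return binding[0]

# Constructed sample value: a widely used test card number, not a real card.
PAN = "4111111111111111"

def demo():
    svc = TokenService()
    t_a = svc.tokenise(PAN, "merchant-A", "phone-1", issuer_consent=True)
    t_b = svc.tokenise(PAN, "merchant-B", "phone-1", issuer_consent=True)
    return {
        "tokens_differ": t_a != t_b,
        "a_own": svc.detokenise(t_a, "merchant-A", "phone-1"),
        "a_token_at_b": svc.detokenise(t_a, "merchant-B", "phone-1"),
        "a_token_other_device": svc.detokenise(t_a, "merchant-A", "phone-2"),
    }

if __name__ == "__main__":
    print(demo())
```

A merchant that stores only its own token holds nothing that resolves to the card number elsewhere, which is why a leak of that merchant's database exposes far less than a leak of Card-on-File data.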

Sanjay Sahay
