TOKENISATION 

1.Context

2.Key Points

• For any purchases done online or through mobile apps, merchants, payment aggregators and payment gateways will not be able to save crucial customer credit and debit card details such as CVV and expiry date.
• Many extensions were given to the system for a comfortable switchover.
• To make sure that the customer's safety is not compromised because of problems faced in the implementation of tokenisation.
• The feedback from all stakeholders is that the system can go on.
• Close to 35 crores of tokens have already been created.
• In September alone, 40 per cent of transactions, valuing around Rs 63 crores, were done using tokens.

3.Tokenisation 

4.India's decision on tokenisation 

• In September 2021, the RBI prohibited merchants from storing customer card details on their servers with effect from January 1, 2022, and mandated the adoption of CoF tokenisation as an alternative.
• Following representations from Industry players and digital payment platforms which anticipated disruption in online transactions, the RBI extended the implementation date to June 30, 2022.
• This deadline was further extended as the RBI felt that although considerable progress had been made, the concept was yet to gain traction across all categories of merchants.
• Subsequently, the deadline was extended till September 30, 2022.

5.Working of Tokenisation 

• A debit or credit card holder can get the card tokenised by initiating a request on the app provided by the token requester. 
• The token requester will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requester and the device.
• In case of an online transaction, instead of card details, a unique token will be stored on the server.
• The merchant or transaction platform sends out a message to Visa or Mastercard or a payment gateway, which asks for a token against that card number and will then pass it on to the bank for allowing the transaction.
• Earlier, the tokenisation facility was available only for mobile phones and tablets of interested card holders.
• Subsequently, the RBI decided to extend the scope to include laptops, desktops, wearables (Wristwatches, bands, etc) and Internet of Things (IoT) devices.

6.Services 

• Tokenisation can be performed only by the authorised card network and recovery of the original Primary Account Number (PAN) should be feasible for the authorised card network only.
• Adequate safeguards have to be put in place to ensure that PAN cannot be found out from the token and vice versa, by anyone except the card network.

7.Benefits to the Customers 

• A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing.
• Actual card data, tokens and other relevant details are stored in a secure mode by the authorised card networks.
• The token requestor cannot store PAN or any other card details. 
• Card networks are also mandated to get the token requester certified for safety and security that conform to globally accepted standards.
• With card tokenisation, a card and merchant-specific token are generated. Going forward that token can be used for all online transactions with that merchant.
• In case of any data breach or hacking attempt at the merchant's end, the customer's card details will be protected.

8.Size of the Industry

• During 2021-22, payment transactions carried out through credit cards increased by 27 per cent to 223.99 crores in volume terms and 54.3 per cent to 9.72 lakh in value terms as per the RBI's annual report for 2021-22.
• RBI provides total credit and debit card transaction data in terms of value and volumes, it does not provide separate numbers for online and offline transactions.
• Tokenisation is required wherever you are storing your card details for recurring payments.
• The number of debit and credit cards in the system can give some idea of the tokenisation industry.
• Till the end of July 2022, while the number of credit cards issued stood at around 8 crores, debit cards in the system were 92. 81 crores, recent RBI data showed.

For Prelims & Mains