Disclaimer: This Article is for information purposes only. The views expressed in this Article do not necessarily constitute the views of Kotak Mahindra Bank Ltd. (“Bank”) or its employees. The Bank makes no warranty of any kind with respect to the completeness or accuracy of the material and articles contained in this Article. The information contained in this Article is sourced from empaneled external experts for the benefit of the customers and it does not constitute legal advice from the Bank. The Bank, its directors, employees and the contributors shall not be responsible or liable for any damage or loss resulting from or arising due to reliance on or use of any information contained herein. Tax laws are subject to amendment from time to time. The above information is for general understanding and reference. This is not legal advice or tax advice, and users are advised to consult their tax advisors before making any decision or taking any action.
The Reserve Bank of India (RBI), in its circular dated 7th September 2021, stated that it would allow card-on-file tokenisation for e-commerce companies in the wake of booming online businesses. Since an increasing number of businesses are treading the digital path and embracing the digital payment ecosystem, the new RBI guidelines prohibit businesses, payment aggregators, payment gateways and acquiring banks from saving customer card details on their servers from January 1, 2022.
The circular further explains that only issuing banks and card networks (Visa, Mastercard, RuPay, and more) are allowed to store the card information during payment tokenisation. The broader objective behind token authentication is to minimise online fraud by protecting customers’ valuable financial information from data breaches and theft. While the new RBI guidelines prohibit anyone apart from banks and card networks from saving card information, the apex body also offered a workaround called ‘Card-on-File Tokenisation.’
What is Card-on-File Tokenisation?
Tokenisation is a process in which the cardholder’s original card number, the one printed on the card and used for transactions and card identification, is replaced with a surrogate value called a ‘token.’
This process enhances card protection by converting customers’ card numbers into tokens. The exchange of tokens happens between the token requestor and the card network, which gives customers a secure and reliable online payment experience. The mapping between each token and the underlying card information is stored securely in a vault that is accessible only to the card networks. As a result, customers’ card details are far better protected from online fraud and hackers.
How Does Card-on-File Tokenisation Work?
When a customer makes a transaction by using their card at a tokenisation-based-authentication server, here is the flow of the process:
For instance, card number (example): 4018 2255 6984 7854 will be replaced with token number: 4325 5214 8574 6658. A tokenisation system is an important tool for keeping sensitive card data out of merchant ecosystems and databases while also offering enhanced card protection to cardholders.
Common FAQs Around Card-on-File Tokenisation
A transaction with tokenised card details is much safer than a conventional one. When the actual card details aren’t shared with the merchant during transactions, they are unlikely to be captured by hackers and online scamsters, making it a much safer experience for card issuers, merchants, and cardholders.
Yes, from 1st January 2021 onwards, debit and credit cards both have to undergo tokenisation for any online transaction or purchase.
There are no charges for customers to use the tokenisation service.
Only authorised card networks are allowed to store the actual card data, tokens and other relevant details. Card networks are also mandated to certify the token requestor for safety and security in conformance with international best practices / globally accepted standards.
The answer is NO! Tokenisation is only valid and relevant in cases of online transactions.
After the actual card details have been tokenised, the cardholder can see the last four digits of their card number to validate the transaction. The initial 12 digits are hidden and tokenised for increased safety.
No, it is entirely the customer’s choice to get their card tokenised. However, all cardholders must enable this when transacting online to enhance the safety of their cards and reduce the incidence of data breaches.
No, so far, the tokenisation only covers domestic transactions happening within India.
A customer can request tokenisation for any number of cards; there’s no limit on the maximum number of cards. While making a transaction, a customer can use any of the tokenised card details taken from the token requestor app. For every combination of card and merchant, a unique token is generated each time. A customer is free to use any of the existing cards or a new credit card registered with the token requestor app.
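The vault mapping described under ‘What is Card-on-File Tokenisation?’ and the one-token-per-card-and-merchant rule in the answer above can be modelled in a few lines. This is an added illustration, not code from the Bank, the RBI or any card network; the class name, merchant ids, random 16-digit token format and the choice to reuse the token when the same card and merchant ask again are assumptions.

```python
import secrets


class TokenVault:
    """Toy model of a network-side token vault (constructed for illustration)."""

    def __init__(self):
        self._by_pair = {}   # (card number, merchant id) -> token
        self._by_token = {}  # token -> (card number, merchant id)

    def tokenise(self, pan, merchant_id):
        pan = pan.replace(" ", "")
        if not (pan.isdigit() and len(pan) == 16):
            raise ValueError("expected a 16-digit card number")
        key = (pan, merchant_id)
        if key in self._by_pair:          # assumption: one token per card+merchant pair
            return self._by_pair[key]
        while True:                       # random surrogate, never derived from the card number
            token = "".join(secrets.choice("0123456789") for _ in range(16))
            if token != pan and token not in self._by_token:
                break
        self._by_pair[key] = token
        self._by_token[token] = key
        return token

    def detokenise(self, token, merchant_id):
        """Network-side lookup; refuses a token presented by the wrong merchant."""
        entry = self._by_token.get(token.replace(" ", ""))
        if entry is None or entry[1] != merchant_id:
            raise PermissionError("token unknown or not issued to this merchant")
        return entry[0]

    def card_hint(self, token):
        """What the cardholder sees: only the last four digits of the real card."""
        pan, _ = self._by_token[token.replace(" ", "")]
        return "XXXX XXXX XXXX " + pan[-4:]


if __name__ == "__main__":
    vault = TokenVault()
    card = "4018 2255 6984 7854"          # example card number from the article
    for merchant in ("merchant-a", "merchant-b"):   # hypothetical merchant ids
        token = vault.tokenise(card, merchant)
        print(merchant, "stores", token, "and shows", vault.card_hint(token))
```

In this model a merchant's database holds only the token and the last-four hint, and a token copied from one merchant is rejected when presented under another merchant's id.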
The above RBI guidelines on card-on-file tokenisation have come at just the right time when India’s digital payment landscape is expanding, and Indian consumers are increasingly turning to digital payment methods every day for regular and discretionary needs.