No CVV Required For Credit/Debit Card Payments From This Date: Say Hello To Tokens!
So there will be no fear of data theft after this implementation.
Till now, merchants and e-commerce entities asked their customers to save card details so that payment for purchases can be made faster.
But, it also increases the risk of data being stolen.
With the latest changes, this can be avoided as now the Reserve Bank of India is allowing tokenization of cards while making payments.
How Does Tokenisation Work?
In simple words, tokenization is the process of replacing the card details with an alternative code called ‘token’.
Basically, a token is unique for a combination of card, token requestor and the device.
Here, a token requestor is an entity that accepts a request from the customer for tokenization of a card and passes it on to the card network to issue a token.
The same system is also being used in making payments at point-of-sale (PoS) terminals and QR code payments.
RBI Mandate For Tokenization
Under this rule, RBI has directed merchants not to store card details in their system from January 1, 2022.
Further, RBI has extended tokenization of card-on-File (CoF) transactions–where card details used to be stored by merchants.
In a circular, the RBI said, “With effect from January 1, 2022, no entity in the card transaction or payment chain, other than the card issuers and card networks, should store the actual card data. Any such data stored previously will be purged,”.
Prior to this, the RBI had barred storage of data in March 2020 although, extended the deadline to December 31, 2021.
How To Tokenize Your Cards?
Now, cardholders can tokenize their cards by initiating a request on the app provided by the token requestor.
Further, the request will be forwarded to the card network by the token requestor with the consent of the card issuer.
It will issue a token corresponding to the combination of the card, the token requestor, and the device.
Tokenisation can be done through mobile phones or tablets for all use cases and channels like contactless card transactions, payments through QR codes and apps.
The companies including Visa and MasterCard will act as Token Service Providers (TSPs).
They will also provide the tokens to mobile payments or e-commerce platforms.
So that they can be used for payment for purchases instead of card number and CVV, the three-digit number written on the back of a card.
How About Digital Wallets?
In the case of digital wallets, when you enter your card details in Google Pay or Paytm, these platforms will ask the respective TSPs for a token.
Further, these TSPs will request verification of the data from the customer’s card issuing bank.
Once the verification of the data is completed, a unique code will be generated.
It will remain irreversibly linked to the customer’s device and cannot be replaced.
So, whenever a customer uses his or her device to make a payment, the platform will be able to authorize the transaction by simply sharing the token, without having to reveal the customer’s true data.
Basically, these tokens can be generated to safeguard payments in mobile wallets and physical or online stores like Flipkart.