Paytm Will Destroy All Saved Card Details Before June End; Tokenization Of 2.8 Crore Card Details Done
Paytm has tokenised 2.8 crore million cards – or 80% of monthly active cards on its app – across Visa, Mastercard and RuPay.
In Line With RBI Orders
It expects to purge the saved card data before the RBI deadline of 30 June.
It praised RBI’s tokenisation effort towards making online payments safe and secure.
It says that it recognised the need for tokenised cards and implemented the same on the Paytm app.
In Paytm ‘s effort to make online card transactions safe and secure for consumers it has tokenised 28 million cards across Visa, Mastercard and RuPay.
Thanks to this, the company will be able to purge saved card data ahead of the RBI deadline.
RBI has set a deadline of 30 June for companies to complete tokenisation.
In March 2020 it had prohibited payment aggregators and merchants to store customer card credentials within their database or server from 30 June 2021.
However, this had to be extended by six months to 31 December.
Then following requests from industry bodies and other stakeholders it was once again extended by six months.
About The Concept
Tokenisation refers to replacing actual card details with an alternate code called the token.
A token is unique with a combination of card, token requestor and identified device.
The token replaces using actual card details and performs card transactions in contactless mode at point of sale (POS) terminals and quick response (QR) code payments.
The RBI allows tokenised card transaction services to all channels, such as:
- Near field communication (NFC)
- Magnetic secure transmission (MST) based contactless transactions
- In-app payments
- QR code-based payments
- Token storage mechanisms, including cloud, secure element and trusted execution environment
Requirements For Card Issuers
Currently, tokenised card transaction facilities would be offered through mobile phones or tablets only.
It will later be extended to other devices based on experience.
The RBI said that all entities involved in providing card tokenisation services must have a mechanism for periodic system audits in place before providing the service.
It also asks card issuers to ensure easy access to customers for reporting a loss of ‘identified device’ or any other such event, which may expose tokens to unauthorised usage.