Only the card-issuing bank or Visa/Mastercard/Rupay/Diners, who are referred to as authorized card networks, may execute tokenization and de-tokenization.
HDFC cardholders take note! As per the Reserve Bank of India (RBI) rule for increased card security, retailers will remove your HDFC Bank card data kept on their website/app. This implies that if you want to make any form of online purchase, you’ll have to provide your whole card number or choose tokenization.
Starting January 1, 2022, the RBI mandates that merchants cannot keep clear card numbers, CVVs, expiration dates, or any other sensitive information relating to cards for the purpose of completing online transactions.
What is tokenisation and how does it work?
Tokenisation is the process of replacing a genuine or clear card number with a different code known as a “Token.” This must be unique for each card, token requestor (i.e. the entity that receives a customer’s request for tokenisation of a card and forwards it to the card network to issue a matching token), and merchant combination (token requestor and merchant may or may not be the same entity).
Where are these Tokens going to be used?
The Tokenised card data will be used instead of an actual card number for future online transactions made or directed by the card user after they have been established.
What are the advantages of tokenization?
Because the real card data are neither disclosed or kept with the merchants to complete the transaction, a tokenised card transaction is deemed safer.
How do you go about getting your card tokenized?
Step 1 – The cardholder may have his or her card tokenized by submitting a request on the token requestor’s website/app or any other equivalent facility supplied by the retailer.
Step 2 – With the agreement of the card issuing bank, the token requestor / merchant will send the request straight to the bank that issued the appropriate credit card or to Visa / Mastercard / Diners / Rupay.
Step 3 – The party that receives the Token Requester’s request will issue a token that corresponds to the card, the token requestor, and the merchant.
Does the Tokenization standard apply to both credit and debit cards?
Yes, from January 1, 2022, both debit and credit cards must be tokenized.
Is Tokenization an option for international Card on File transactions?
No. Only domestic transactions are eligible for tokenization.
How do I keep track of my tokenized cards?
Cardholders will have access to a site where they may examine and manage their tokenised cards. This site allows cardholders to see and remove tokens for their cards.
Will tokenization have any influence on the cardholder’s POS transactions at merchant locations?
No. Tokenization is only necessary for online transactions to be completed.
What are the fees that the cardholder must pay in order to use this service?
The consumer does not have to pay anything to use the Tokenisation service.
Who are the people who can tokenize and de-tokenize?
Only the card issuing bank or Visa/Mastercard/Rupay/Diners, who are referred to as authorised card networks, may execute tokenization and de-tokenization.
Are the card data of the consumer secure after tokenization?
The card issuing bank and/or approved card networks hold actual card data, tokens, and other essential information in a safe encrypted manner. Token requestors and merchants are not permitted to keep the whole card number or any other card information.
Is it necessary for a consumer to tokenize their card?
No, a consumer may choose to have his or her card tokenized or not. If the card is not Tokenised, the cardholder will have to provide the whole card number, CVV, and expiry date every time they perform an online purchase commencing January 1, 2022.