Banks indicate they are well prepared for the card tokenisation system and emphasise it will not impact customers. While lenders expect it to be a smooth transition, there could be some initial friction as consumers and merchants adapt to the new system.
“This move by the Reserve Bank of India will enhance card security framework for digital transactions. With tokenisation, a card specific token is generated. Going forward that token can be used for all online transactions. This will ensure enhanced security. In case of any data breach or hacking attempt at the merchant’s end, the customer’s card details will still be protected,” said Sanjeev Moghe, EVP and Head-Cards and Payments, Axis Bank, adding that the lender is prepared for tokenisation.
RBI clarifies
The Reserve Bank of India has (RBI) said that contrary to some concerns, there would be no requirement to input card details for every transaction under the tokenisation arrangement.
“HDFC Bank, ICICI Bank and SBI Cards already have the card tokenisation system in place for online transactions, while few players have device-based tokenisation (SBI Cards with Samsung) for contactless NFC payments,” said a recent statement by Emkay Global.
HSBC India, in April, had announced that it has collaborated with Google Pay and VISA to enable secured tokenisation on its credit cards.
“The RBI has addressed all concerns. With the growing popularity of e-commerce, this step is welcome,” said another banker, adding that there could be some amount of adaptation required for customers. “Customers will not have to tap in their 16 digit card number every time they make a purchase,” he said.
Mandar Agashe, Founder, Managing Director and Vice-Chairman, Sarvatra Technologies also said the current situation is similar to when PIN was introduced for every transaction. It took a lot of effort but we have the lowest PIN-based frauds in the world, he pointed out.
“Merchants have to be ready to purge all the customer card data and get the token from the individual banks. Banks are also getting ready. There will be some level of friction at the back end if some bank is not ready. So, those customers may face inconvenience if the issuing bank doesn’t give the token to the merchant on time; then, the customer has to enter the card data every time,” he said.
Emkay Global stated the mandatory tokenisation of cards and resultant customer inconvenience in the initial phase may deter cardholders from making low-value online card payments and may push them to other payment modes such as UPI and wallets.
“However, it would alleviate security concerns in online transactions; thus, it will be a long-term positive for the card industry,” it said.
The RBI, in March 2020, had stipulated that authorised payment aggregators and the merchants onboarded by them should not store actual card data. The deadline is set for January 1, 2022, post which no entity in the card transaction or payment chain, other than the card issuers and/or card networks, shall store the actual card data.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.