
FAQ | How Will RBI’s New Tokenisation Rules Affect Your Online Transactions?

From 1 October, online transaction norms for debit and credit cards will change for all users as the Reserve Bank of India's (RBI) card-on-file (CoF) tokenisation norms kick in.
But what is tokenisation? How will this change your online transactions? And why has it been put in place?
Tokenisation refers to the replacement of information or sensitive digital data with a digitally generated token.
The process helps do away with a customer's card information being stored on any merchant, payment gateway, or third-party platform.
While paying for something online, users will no longer have to punch in the 16-digit number on their card. The operating bank will issue a non-sensitive, equivalent digital token for the transaction.
The tokenisation process will also mask names on the card, expiry dates, and CVV codes, for an added layer of security.
As mentioned, card details and user data are often stored on payment or merchant gateways. It is this data storage on websites that could make the customer's data vulnerable to online phishing and fraud.
Tokenisation is considered to be a safer alternative, as the actual card details are not available to a merchant during a transaction. The customer's card details are only stored with the bank and the authorised card network.
To obtain a token, the cardholder needs to go through a one-time registration process while using their card on any e-commerce platform. Once they enter their card details and give consent to create a token, the request is validated through an additional factor of authentication (AFA).
After this, a token is created which can be used for future transactions with the CVV number and an OTP.
The RBI has also told merchants to create a "token reference number" against each token. Only these reference numbers are saved by the merchants. Once a fraud is detected, the same token cannot be used again. Users will have to request a new token.
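The flow described above can be sketched as a small model. This is an added example, not code from the RBI, any bank or any card network; the class names, the `REF-` format, the place where the reference-to-token mapping is kept and the boolean CVV/OTP checks are all assumptions made for illustration.

```python
import secrets

class CardNetwork:
    """Bank / card-network side: the only place the real card number lives."""
    def __init__(self):
        self._by_ref = {}  # merchant's token reference number -> token record

    def tokenise(self, pan, merchant_ref, consent, afa_ok):
        # One-time registration: no token without consent plus a passed AFA check.
        if not (consent and afa_ok):
            raise PermissionError("consent and AFA are required to create a token")
        self._by_ref[merchant_ref] = {
            "token": secrets.token_hex(8), "pan": pan, "active": True}

    def pay(self, merchant_ref, cvv_ok, otp_ok):
        rec = self._by_ref.get(merchant_ref)
        # Unknown or revoked tokens are refused even with a valid CVV and OTP.
        return bool(rec and rec["active"] and cvv_ok and otp_ok)

    def report_fraud(self, merchant_ref):
        if merchant_ref in self._by_ref:
            self._by_ref[merchant_ref]["active"] = False

class Merchant:
    """Merchant side: keeps token reference numbers only, never card data."""
    def __init__(self, network):
        self.network = network
        self.saved_cards = {}  # customer id -> token reference number

    def save_card(self, customer, pan, consent, afa_ok):
        ref = "REF-" + secrets.token_hex(6)  # hypothetical reference format
        self.network.tokenise(pan, ref, consent, afa_ok)
        self.saved_cards[customer] = ref  # the card number is not retained here

    def checkout(self, customer, cvv_ok, otp_ok):
        return self.network.pay(self.saved_cards[customer], cvv_ok, otp_ok)

def demo():
    pan = "4111111111111111"  # constructed test number, not a real card
    net = CardNetwork()
    shop = Merchant(net)
    shop.save_card("alice", pan, consent=True, afa_ok=True)
    first = shop.checkout("alice", cvv_ok=True, otp_ok=True)
    leaked = pan in str(shop.saved_cards)  # what a merchant breach would expose
    net.report_fraud(shop.saved_cards["alice"])
    after_fraud = shop.checkout("alice", cvv_ok=True, otp_ok=True)
    shop.save_card("alice", pan, consent=True, afa_ok=True)  # request a new token
    renewed = shop.checkout("alice", cvv_ok=True, otp_ok=True)
    return first, leaked, after_fraud, renewed
```

`demo()` walks through registration, a payment, a fraud report that retires the token, and re-registration with a new token.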
Customers can choose whether or not to get their card tokenised, according to CNBC TV18. If they do not want to get their card tokenised, starting from 1 October 2022, cardholders will just have to enter the full card number, CVV, and expiry date of the card for each individual online transaction.
The tokenisation system has been met with mixed reactions. While banks, card companies and large retailers are prepared, smaller merchants may face trouble, as this move could lead to revenue losses in the short-term if they're inadequately prepared.