More tokenization by the RBI lessens the trade-off between security and ease-of-use compulsions in the digital payments market

With the growing popularity of digital payments, there is a need to improve convenience, resilience, security, real-time, and cost. In terms of product innovation (e.g., UPI, e-RUPI, etc. ), increased security features (OTP, warnings), and risk management systems, we’ve witnessed some changes (fraud checks, faster settlement, etc.).

However, in many cases, these advancements are at odds with one another, such as an additional authentication element increasing transaction friction for the user. We continue to observe significant dropout rates in e-commerce transactions. Businesses demand that transaction friction be reduced to the point where a customer can complete a transaction in one click or even zero clicks. Payment transactions are made more convenient and secure thanks to tokenization. The notion has gained widespread acceptance in the payment card industry around the world.

Tokenization is the process of substituting non-sensitive data for sensitive data. It is commonly used in the payments card business to replace a surrogate value termed a token with a cardholder’s card number (i.e., PAN). Payments use various tokenization approaches, which vary based on the parties involved in the transaction (merchants, acquirers, card networks or issuers). Tokenization is how merchants or acquirers keep sensitive card information in a secure vault and use a token to perform payment transactions within their environment.

Recurring payments or one-click payments are examples of applications for this technology. Unlike acquirer tokenization, card network tokenization is interoperable. In this mechanism, the card network issues a token to a requester (such as a merchant or a wallet) for payment processing. In contrast, the sensitive card information is safely maintained in a vault within the card network environment. As we can see, tokenization limits the availability of sensitive card information within a secure vault, reducing the risk of such information being lost on the broader payment environment on the one hand, and relieving the need for cardholders to enter such sensitive information for each transaction, reducing payment friction on the other.

Tokenization can be done with various storage techniques, including device-based, cloud-based, app-based, and card-on-file (CoF) and payment channels such as NFC, MST, in-app, QR code, and so on. In January 2019, the RBI issued guidelines for card tokenization, allowing card-network-enabled tokenization via mobile phones and tablets as a first step. The RBI expanded the directives in August and September to include all types of storage systems. The extension has enabled the industry to develop new, secure, and frictionless use-cases. The circular allows card issuers to serve as TSPs (Token Service Providers) for cards they have issued or are linked with. Allowing for CoFT (Card of File Tokenization), a unique token provided by TSPs for a combination of card, token requestor, and merchant, is a crucial feature of this addition.

Several firms (merchants, e-commerce companies, fintech) offer digital payments, intending to make the checkout stage of a customer’s trip as seamless as possible through novel techniques such as one-click or zero-click costs. Payment data, such as the cardholder’s PAN, must be kept to be retrieved in the future without the consumer having to re-enter.

CoF is a mechanism for this purpose, in which a retailer securely retains cardholder data for repeated use. On the other hand, the cardholder data must be maintained by numerous businesses, although in a secure manner. CoFT, on the other hand, enables merchants/acquirers to provide such frictionless payment options without keeping cardholder data, lowering the risk of data compromise significantly.

In a nutshell, the new extension has allowed the industry to provide increased security, reduced fraud risk, and reduced payment disruption (also known as dropouts) across a wide range of use cases. ‘Card Tokenization’ will increase customer trust in digital payments while also addressing a critical requirement to make payment transactions more frictionless and convenient.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s