Card Tokenisation: What Is It? How Does It Work?

As per the RBI guidelines of October 2022, merchants and payment gateways/aggregators can no longer store card data without Tokenisation. Merchants now have to delete all stored card data and adopt Card on File (CoF) Tokenisation as an alternative method. Wondering what Tokenisation is?

Well, it is an alternative practice that replicates the saved card experience and relieves payers from manually entering the card details every time. Let’s learn about it in more detail.

What Is Card Tokenisation?

Card Tokenisation is the process of obtaining a unique code (a combination of letters and numbers) for a card, so that the cardholder does not have to enter the sensitive card data during each transaction. Buyers can use this token for subsequent transactions.

Just as a token represents something else, a card token stands in for the card data, and merchants can store it in place of the original card data. This token has no value of its own because interpreting the data it represents is next to impossible.

How Does Card Tokenisation Work?

Card Tokenisation enables card users to save their card details on the app/website like before; however, the merchant will only store a token instead of real card data.

The process starts when the cardholder makes a payment using a card and selects the "Tokenisation" option. The following steps then take place:

  1. The merchant forwards the Tokenisation request to the payment network
  2. Payment network then forwards it to token service providers
  3. Token service provider then seeks card authentication from the card issuer
  4. They generate a unique code (token) after the approval
  5. They forward the token to the merchant or the payment app
  6. Merchant or the payment app starts to process a payment with that token and forwards the payment request to the acquiring bank
  7. The acquiring bank forwards the token to the issuing bank
  8. The issuing bank authorises the transaction by matching the details with their database
  9. Merchant keeps the token for upcoming transactions

While shopping on the same app or website again, the user just needs to:

  1. Select the card by seeing the last 4 digits
  2. Enter the CVV
  3. Complete the verification with password/OTP

Here the token works as a digital card. Entering the CVV and completing the verification remain the same for all transactions, with or without tokens. A tokenised transaction only saves the user from entering the card number, name on card, and expiry date – that's all.

Note: There will be different tokens of the same card on different websites/apps because the same token cannot be used to transact with different merchants. However, users can generate tokens for multiple cards on the same website/app. During transactions, users only have to select the card they want to transact with. On upgrading a card, they need to generate a fresh token. It is not yet mandatory for the customers.
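
The flow above and the note on merchant-specific tokens, sketched as an added example (not PayG's or any card network's code): a toy token service provider issues a random token per merchant and card, the merchant keeps only the token and the last four digits, and a token presented by a different merchant is refused. The class and method names, merchant IDs and card number are constructed for illustration; CVV and OTP checks are left out.

```python
import secrets

class TokenServiceProvider:
    """Toy token vault: the only place a token maps back to card data."""

    def __init__(self, issuer_approves):
        self._issuer_approves = issuer_approves  # stand-in for issuer authentication
        self._vault = {}                         # token -> (merchant_id, pan, expiry)

    def tokenise(self, merchant_id, pan, expiry):
        if not self._issuer_approves(pan, expiry):
            raise PermissionError("issuer declined the tokenisation request")
        # Random value, not derived from the card number: nothing in it to decrypt.
        token = secrets.token_hex(16)
        self._vault[token] = (merchant_id, pan, expiry)
        return {"token": token, "last4": pan[-4:]}

    def resolve(self, merchant_id, token):
        # Issuer-side lookup during authorisation; None if the token is unusable.
        entry = self._vault.get(token)
        if entry is None or entry[0] != merchant_id:
            return None  # unknown token, or one issued to a different merchant
        return entry[1], entry[2]

class Merchant:
    def __init__(self, merchant_id, tsp):
        self.merchant_id, self._tsp = merchant_id, tsp
        self.saved_cards = []  # everything the merchant keeps on file

    def save_card(self, pan, expiry):
        record = self._tsp.tokenise(self.merchant_id, pan, expiry)
        self.saved_cards.append(record)  # card number and expiry are dropped here
        return record

    def pay(self, record):
        # The payment succeeds only if the token resolves for this merchant.
        return self._tsp.resolve(self.merchant_id, record["token"]) is not None

def demo():
    pan = "4111111111111111"  # constructed test number, not a real card
    tsp = TokenServiceProvider(issuer_approves=lambda _pan, _expiry: True)
    shop_a, shop_b = Merchant("shop-a", tsp), Merchant("shop-b", tsp)
    rec_a, rec_b = shop_a.save_card(pan, "12/30"), shop_b.save_card(pan, "12/30")
    return {
        "tokens_differ": rec_a["token"] != rec_b["token"],
        "pan_on_file": any(pan in r.values() for r in shop_a.saved_cards),
        "own_token_pays": shop_a.pay(rec_a),
        "other_merchant_token_pays": shop_b.pay(rec_a),
    }
```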

Who Provides Card Tokens? What Is The Charge of Card Tokens?

Card networks or card issuers can provide the tokens for free and they have the right to decline the Tokenisation request if there are suspicious activities. They are also called token service providers.

Where Can You Use Card Tokens?

You can use the card tokens for future transactions with the same app or website. The following are the use cases of card tokens:

  1. eCommerce transaction
  2. Utility bill payments
  3. Recurring payments
  4. All in-app purchases

Why Should You Invest In Card Tokenisation?

Today, a majority of card transactions take place through saved cards because they help payers transact very easily. Due to a spike in data breach cases, RBI has put restrictions on saving card data to safeguard both merchants and customers from monetary loss.

However, customers may not be willing to enter card details for each transaction as they are used to the saved card process. So, RBI introduced Card Tokenisation to save them from putting in extra effort. Card Tokenisation readily:

  • Enhances security of online payments
  • Improves the checkout experience of the users
  • Reduces the possibility of failed transactions due to wrong card details
  • Minimizes the possibility of stealing the sensitive card data
  • Assists in achieving PCI-DSS compliance

Previously, some users often unchecked the option to save their cards on a website because they found it risky. They too can opt for Card Tokenisation because hackers cannot get the real card data through these tokens. Merchants also never see or store the original card data. Users can continue to transact with the token even if they have lost their cards and are waiting for a new one.

What Happens If You Don’t Tokenise Your Card?

In case you don’t tokenise your card, you will have to enter the card details for each transaction manually.

Tokenisation Vs. Encryption Vs. EMV Technology – Know The Differences

Now, Tokenisation may appear similar to encryption and EMV (Europay, MasterCard, and Visa) technology; however, they come with subtle differences:

| Tokenisation | Encryption | EMV technology |
| --- | --- | --- |
| Tokens replace the card data during online transfers with card | Keys protect card data | OTP protects each transaction |
| Cannot be reversed unless the user deleted the card associated with the token | Reversible with decryption | Not reversible |
| Completely risk-free | A bit risky because of increasing malpractices | Risk-free as it ensures zero misuse of cards even if stolen |
| Used for online transaction | For all electronic transactions | Only in-person transactions |

End Words…

In short, Card Tokenisation eases all card payments without much investment in expensive security solutions. Storing cardholder data and suffering data breaches are a nightmare for merchants, and by enabling Card Tokenisation, merchants can avoid this. They can also appear more trustworthy to their buyers with Tokenisation, which can have a positive impact on their businesses.

Just like this, PayG payment gateway brings an additional level of security to all your business transactions. So, get started with PayG to safeguard your business from all potential threats.