How does tokenisation prevent online card fraud?
The HinduOctober 18, 2022 10:30 am | Updated 10:30 am IST The story so far: The Reserve Bank of India has mandated the tokenisation of credit/debit cards for online merchants from October 1. Till then, card details for online purchases were stored on the servers of these merchants in order to help customers avoid keying in their details every time they shopped with that merchant. As per the RBI’s FAQ on tokenisation updated late last month, tokenisation “refers to the replacement of actual card details with an alternative code called the ‘token’, which shall be unique for a combination of card and the token requestor.” So, if you use a mobile app or a website for online purchases, the merchant can, on your behalf but only with your explicit consent, raise a request for a token with the card issuing bank or the card network such as MasterCard. Deep Agrawal, head of payments at PhonePe explains: “The token generated upon request for a specific merchant is unique to a specific card number and is usable only on that particular site or mobile app. For offline merchants, users would continue to swipe the cards on the POS machines as per previously existing guidelines.” Popular card network Visa further explains the concept of tokenisation through the example of a metro train ticket.