The Reserve Bank of India (RBI) has permitted authorised card payment networks to offer card tokenisation services to any third party requesting it.
Tokenisation acts as an additional layer of security as it masks sensitive card data such as the 16-digit account number, expiration date and security code. It creates a set of numbers that is used to substitute your card information. This ensures that your card information is not disclosed to the website or merchant you are transacting with.
"Services such as the Visa Token Service can help prevent fraud by offering financial institutions, merchants, and third party payment providers, such as digital wallet providers, a secure way to enable mobile and online payments without sharing sensitive account information," said T R Ramachandran, Group Country Manager, India & South Asia, VISA.
Tokens can be device-specific, retailer-specific or even use case-specific. It is a service offered by leading card networks all around the globe.
While both Visa and Mastercard have been pushing contactless payments in India, there is an apprehension among users. Contactless payments removes the need for one time password, which is considered the second layer of security. However, tokenisation could play a huge role in building customer comfort for the new forms of card payments.
Tokenisation would be available for use cases such as contactless transactions, in-app payments, and QR code-based payments.
The central bank said that the facility shall be offered only through mobile phones or tablets at present. Its extension to other devices will be examined later based on experience.
Visa believes that tokenisation is being driven in large part by changing consumer behaviour which is starting to embrace mobile technology.