What is card tokenization?
Credit and debit card tokenization is a way to reduce the number of places where your card data can be found. For example, payments on Uber displayed a warning that your card details will be saved with payment gateways such as Visa and Mastercard. What it says is that a merchant like Uber will need to work with payment networks like Visa to convert card details into a digital token, which will then be used to validate transactions. Therefore, the card details you enter on the Uber app or any online platform are not stored on the company’s cloud servers and are therefore more secure.
What is the digital token used?
The numeric token is a random string, usually alphanumeric. So a 16-digit card number is converted to something like 8f9%yf57ljTa. It is generated by computer programs and the card network associates the token with your actual card details and passes the token to the merchant. When payments are to be requested, the merchant sends this token to the card network, which compares it to the details on file and validates the transaction. A third party accessing the token will have no use for it, as the tokens will be unique among combinations of card, token requester and merchants.
Show full picture
How will tokenization prevent online fraud?
Card details saved on an app are stored on cloud servers which, if hacked, can give the hacker access to information such as card numbers, expiration dates, cardholder name , etc. Although most merchants implement special mechanisms to store card details in an obfuscated manner, hacking a bank or Visa card is much more difficult than hacking websites and apps.
What is the difference with encryption?
The main difference is that the token cannot lead to card details. In encryption, a computer program obfuscates data using an encryption key, and this key can return the data to its original form. In tokenization, however, there is no way to know what data a token represents unless you have access to the databases of the actual issuer of that token. In many cases, the laws do not consider tokens as “sensitive data”, and therefore companies do not have to ensure the same compliance to protect them.
Why are your online payments failing?
Merchants should contact users and ask them to re-enter card data for tokenization. Payments fail either because the customer has ignored reminders or because the merchant still does not have tokenization infrastructure. For recurring payments, users will need to set up an e-mandate before a merchant can charge them. For recurring payments above ₹5,000, approval must be requested from the customer 24 hours prior to payment, each time it is made. UPI autopay can also be used for payments under ₹5,000.
Catch all industry news, banking news and updates on Live Mint. Download the Mint News app to get daily market updates.
To subscribe to Mint Bulletins
* Enter a valid email
* Thank you for subscribing to our newsletter.