How does tokenisation prevent online card fraud?
The Hindu
Why has the RBI mandated the generation of a token for online merchant purchases? How will this move keep hackers and scammers at bay? Will it lead to better consumer security?
The story so far: The Reserve Bank of India (RBI) has mandated the tokenisation of credit/debit cards for online merchants from October 1. Till then, card details for online purchases were stored on the servers of these merchants in order to help customers avoid keying in their details every time they shopped with that merchant.
As per the RBI’s FAQ on tokenisation updated late last month, tokenisation “refers to the replacement of actual card details with an alternative code called the ‘token’, which shall be unique for a combination of card and the token requestor (i.e. the entity which accepts the request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token).”
So, if you use a mobile app or a website for online purchases, the merchant can, on your behalf but only with your explicit consent, raise a request for a token with the card issuing bank or the card network such as MasterCard.
When you visit a restaurant, or even an ATM, it is possible for card thieves to clone your card with a skimmer, a gadget that quietly reads the magnetic strip at the back of your card. Similarly, hackers can also break into online websites and mobile apps that store your credit card details. Such data breaches could give con artists access to millions of cards in one go, which are then sold on the dark web.
To help lessen the chances of such fraud, some banks have mandated the use of an OTP delivered to your registered mobile number to withdraw cash at ATMs. Other banks have enabled the use of their mobile app to allow cash withdrawal without the physical use of cards. Some credit card-issuing banks allow limits that you can set up yourself, per day, per transaction, etc., on the bank’s app. The tokenisation mandate of the RBI is a similar exercise in caution.
As per the RBI annual report 2021-22, in FY20 there were a reported 2,677 cases of card fraud via the internet involving ₹129 crore. While the number of cases decreased to 2,545 in FY21, it increased to 3,596 cases in FY22, with the amount involved being ₹155 crore.
The RBI says that a tokenised card transaction is safer as the actual card details are not shared with the merchant.
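A toy model of the scheme described above, added here as an illustration and not taken from the RBI or any card network: the class, method and merchant names are hypothetical, the card number is a constructed test value, and the rule that a token is honoured only from the requestor it was issued to is an assumption of this sketch.

```python
import secrets


class CardNetworkVault:
    """Toy stand-in for the card network's token service (hypothetical)."""

    def __init__(self):
        self._by_pair = {}    # (card number, requestor) -> token
        self._by_token = {}   # token -> (card number, requestor)

    def tokenise(self, card_number, requestor, consent):
        if not consent:
            raise PermissionError("cardholder consent is required")
        pair = (card_number, requestor)
        if pair not in self._by_pair:
            # Random, so the token reveals nothing about the card number.
            token = secrets.token_hex(8)
            self._by_pair[pair] = token
            self._by_token[token] = pair
        return self._by_pair[pair]

    def resolve(self, token, requestor):
        """Map a token back to the card. Assumption of this sketch: the
        network honours a token only from the requestor it was issued to."""
        card_number, issued_to = self._by_token.get(token, (None, None))
        if issued_to != requestor:
            raise PermissionError("token not valid for this requestor")
        return card_number


def demo():
    card = "4111111111111111"  # constructed test number, not a real card
    vault = CardNetworkVault()
    # What each merchant keeps on its own servers: a token, never the card.
    shop_a = {"customer-1": vault.tokenise(card, "shop-a", consent=True)}
    shop_b = {"customer-1": vault.tokenise(card, "shop-b", consent=True)}
    leaked = shop_a["customer-1"]  # what a breach of shop-a would expose
    try:
        vault.resolve(leaked, "shop-b")
        reusable_elsewhere = True
    except PermissionError:
        reusable_elsewhere = False
    return {
        "tokens_differ": shop_a["customer-1"] != shop_b["customer-1"],
        "card_in_merchant_data": card in shop_a.values(),
        "reusable_elsewhere": reusable_elsewhere,
        "network_resolves": vault.resolve(leaked, "shop-a") == card,
    }
```
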