Several banks and merchants have dropped emails and messages to their customers, informing them of the card tokenisation process
Tokenisation intends to solve the data breach problems within the ecosystem, securing user details in the form of alternate code/tokens
Only 25 days till the deadline, and merchants are still voicing their concerns regarding the CoFT infrastructure and the adverse impact tokenisation will have on their businesses
After repeated postponement, RBI had, in December 2021, finally announced that the payment ecosystem players will have to either purge their user data or store it in tokenised format by June 30, 2022. It is to be noted that, to regulate India’s fintech ecosystem, RBI introduced the guidelines to tokenise and store card details before.
As the deadline looms, the ecosystem has hastened the process by asking customers to tokenise their data. Several banks and merchants have dropped emails and messages to their customers, informing them of the card on file tokenisation (CoFT) process.
For instance, Axis Bank, in an email reviewed by Inc42, has told its account holders that they need to save their card details via tokenisation to eliminate the inconvenience of re-entering the card details (card number, expiry date, cardholder’s name) on every transaction.
“Failing to do so will lead to removal/deletion of your current saved card details on merchant websites and apps,” the bank said.
Similar to the current process, after the user will tokenise his/her card, they will only have to enter the CVV and OTPs. Tokenisation intends to solve the data breach problems within the ecosystem as cyber crimes have, of late, become an everyday occurrence.
Is The Ecosystem Ready For Tokenisation?
Tokenisation involves replacing the actual card details with a unique alternate code or ‘token’. The feature provides a combination of card, token requestor and identified device, with card networks such as Visa, Mastercard and others at the centre of payment services.
To date, several firms have moved towards tokenisation. For instance, Google Play stated that it will not collect card data, asking users to move towards tokenisation of cards to maintain a smooth flow of transactions by partnering with Mastercard.
Apple, too, stopped accepting debit and credit cards for purchases on the App Store and turned to UPI and net banking as an alternative to tokenisation.
Payment apps PhonePe and PayU launched their CoFT tools to enable smoother onboarding of users’ card data – enabling businesses to comply with RBI’s guidelines while allowing issuing banks to also generate their tokens. NPCI, Cashfree Payments, Razorpay and Infibeam have also added tokenisation services to their offering.
But are major ecommerce players ready? So far, Amazon, Flipkart, Netflix and other major consumer internet players have not issued their stance on tokenisation or what procedure they are following.
Only 25 days to go and merchants are still voicing their concerns regarding the CoFT infrastructure and the adverse impact tokenisation will have on their businesses. If non-compliant with the tokenisation guidelines, subscription-based platforms are likely to be the most hit, since their customer acquisition cost will increase compared to their recurring revenue.
In the meantime, independent segment-governing bodies including the Payments Council of India (PCI) find the move a positive turnaround in the payment ecosystem of India. On the other hand, the Merchant Payments Alliance of India (MPAI) believes that tokenisation may raise complexity for merchants as the required infrastructure is yet not ready.
