Are You ‘Tokenized’ Yet?

Many of you would be hearing the word ‘Tokenized’ for the first time. Tokenization is a means of securing or protecting yourself from becoming the victim of online fraud or theft. Defined, ‘Tokenized’ means substituting a randomly generated identifier for (a sensitive piece of data) in order to prevent unauthorized access.

 

WHAT DOES IT MEAN TO GET TOKENIZED?

When we shop online, say on Amazon / Flipkart, etc., we make payments using our Debit / Credit Card. We normally enter the card details, including card number, name, expiry date and the three-digit CVV. To make it more convenient for repeat purchases, the seller/merchant asks us for our one-time permission to store the card details on their server. If you give permission, the data is securely stored on their servers, with encryption and masking technology. Now, if their security measures are inadequate or broken-into by a hacker, your entire data, including Card numbers, CVV, etc. is vulnerable and susceptible to misuse, which could lead to a loss up to the value of your card limits!

Tokenization is primarily designed to prevent such online or digital breaches.

 

HOW THIS WORKS AT THE MERCHANT’S (ONLINE SELLER’S) END:

Since October 2022, RBI has mandated that merchants will not save the customers’ card numbers on their servers. Instead, they will just store a generated Token Number for each Credit Card that they want to be used recurringly on their servers. What it means is that a random Token Number will be generated by the system, which will be stored at the merchant’s end.

This Token Number will be a unique number which is a combination of the Credit Card Number and the Merchant. So, if you are shopping on Amazon, your Card will be tokenized and a unique Token Number will be generated by Amazon for you. This Token Number can only be used to make purchases with that Card on Amazon. It cannot be used on any other merchant website. Hence, a different, unique, Token Number will be generated each for Flipkart, Rediff and as many other shopping sites.

Hence, your actual Card details will be held safe in a secure token vault. This process eliminates the possibility of hacking at the merchant’s end and even if the data is hacked, all that the hacker will receive will be a token number which will be unusable anywhere else and will hence be of no use to the hacker. Thus, essentially, your card will have multiple tokens based on the number of Merchants you have tokenized your card with.

 

HOW THIS WORKS AT THE USER’S (YOUR) END:

As far as the user is concerned, the next time you make an online payment using your Debit or Credit Card, you will be asked if you wish to ‘Save Card As Per RBI Guidelines’ or ‘Secure Your Card’. If you respond positively, you will immediately get an OTP on your Mobile Number linked to your Card. Once you enter the OTP on the Merchant site, your card will be automatically Tokenized. It’s as simple as that! Kindly note the following points:

  • You do not need to remember your Token Number, nor will it be displayed to you.
  • However, you will still see the last 4 digits of your card at the Merchant’s checkout web-page.
  • You can request tokenization of any number of cards at a merchant website.
  • Whenever your card is renewed, reissued or upgraded, you will need to visit the merchant’s page and create a fresh token by following the same instructions.
  • Each card that you have, including Add-on cards, will need to be tokenized, since each card has a unique card number.
  • If you wish to delete the Token Number already generated at a merchant website, you just need to disable that card at the merchant’s website / app and your token number will be automatically deleted.
  • If your card has not been tokenized, it will be automatically removed from apps and websites and you will be required to fill in all your card details every time you transact on that merchant platform.

 

SECURITY:

Tokenized transactions are more secure since the generated tokens are normally not reversible. In encrypted transactions, the process is reversible by decryption using a unique key and decryption is mostly necessary to complete each transaction. It is therefore felt that Tokenization is relatively more secure than encryption. Thus, from now on, you can transact online confidently, with the assurance that your transactions are more secure than before!

Happy Shopping for this festive season!

 

Yazdi Tantra

About Yazdi Tantra

Yazdi Tantra’s column is crafted for those of you who enjoy a bit of technology and love finding quirky things to do in this web and mobile savvy world. This entrepreneur celebrates his interest in the field of web based technologies with his columns and other websites like on-lyne.blogspot.in and Community centric Zoroastrians.net. Of course, his Parsi Times column is our favourite!

Leave a Reply

*