Tokenization is the latest sensation in the payment domain. According to Sophos, India’s retail trade is currently experiencing exponential growth, with forecasts estimating that the local market will reach $ 1.5 trillion by 2023, growing nearly $ 700 billion since the beginning of the decade. This growth exposes retailers and their customers to the growing opportunities for cyber attacks. To protect sensitive public data, the Reserve Bank of India (RBI) issued guidelines to protect sensitive information or data for credit / debit card transactions through CoF (Card on File) Tokenization regulations. Recently, RBI extended the deadline for card tokenization to September 30, 2022.
During the tokenization process, the 16-digit payment card account number is replaced with a unique digital identifier known as a “token” for online transactions. This ensures that there is no data leakage as several tokens are issued for the same card payment on different platforms that use tokenization. Due to the random allocation of tokens, even if a website is hacked and the tokens are acquired by the hackers, it is difficult to reverse the exact card details from it. Since tokenization takes the stagnant data out of the transaction, it is almost impossible to compromise, which solves the security problems of sellers, institutions and customers.
The responsibility for securing the customer’s sensitive information lies with the service provider. When cyber threats have increased across industries, building trust and loyalty from customers requires guaranteeing the security of their payments and personal data. 84% of consumers expect companies to be held accountable for securing user data and personal information online, according to the latest Deloitte Consumer Review. Data breaches always have a negative impact on customers’ trust in the affected company.
Tokenization helps to protect the business from the negative consequences of data theft. Businesses that accept card payments must comply with the Payment Card Industry Data Security Standard (PCI DSS), which adds credibility to secure their customers.
Tokenization has the potential to drive future commercialization through IoT. With transactions related to digital wallets and secured with a token, each device has the opportunity to become a payment method. Payment giants such as Visa and Mastercard already make the transition to tokenization seamless and almost free. These companies have set the standard that gives any financial institution and merchant the opportunity to use tokenization, with limited costs.
The technology behind tokenization is crucial, from traditional e-commerce to a new generation of payments in apps, tokenization makes payment with devices easier and more secure than ever. When consumers use e-wallets or UPI for payments, their personal card data is stored on their phones as a symbol. Therefore, an extra layer of biometric security comes into play through smartphones. It is a more secure payment method to enhance the user experience online, via mobile or in the app.
Tokenization – a “Fintech Resource”?
One can witness the boom of blockchain technology-based fintech solutions that are taking off across nations. Tokenization of confidential data for turbulence-free digital transactions gives more power to fintech solutions through blockchain technology.
In fact, becoming PCI DSS compliant is expensive and time consuming for vendors. However, with the help of “tokenization”, sellers can save a large amount of money as PCI DSS compliance helps to reduce the storage of the user’s confidential information. It is also seen as the key to driving blockchain implementation in the future by tracking cryptocurrency transactions. Sellers will be in a better position to use a powerful mechanism that allows them to innovate retail experiences without the responsibility of handling sensitive data. Tokenising payments can address the concerns of all parties involved in a transaction process.
As the introduction of tokenization is still in its infancy, there are certain areas of concern. Salespeople demand clarity in certain operating areas. The industry is still preparing to implement tokenisation-related infrastructures, especially stakeholders in the transaction chain such as issuers, purchasing banks, etc. Meeting the requirements for tokenisation is a multi-layered challenge. While merchants need to develop end-user options to unregister tokens, card issuers need to offer facilities that allow end-users to view the list of sellers to whom they have registered a token. But that’s not enough, since parallel token service providers also need to install devices to verify a transaction request from a vendor and a token request. In many cases, this may require a new design of the technology in the payment industry.
However, the solution is much stronger than the first challenges. And with each new challenge, the opportunity for something unique takes the next step. With tokenization, the payment and fintech industry is taking a leap towards the next generation’s secure payment process.
(The author is Mr. Uday Choudhari, Senior Director, Technology – Synechron and the views expressed in this article are his own)
