To safeguard India from mounting cyber and financial fraud cases, the Reserve Bank of India rolled out a landmark decision in September 2021. The new regulation by the central bank permitted the payments networks and issuer Banks to offer card tokenization services as Token Service Providers (TSPs) to the e-commerce Merchants and Payment Aggregators starting 1 January 2022.
Tokenization is a mechanism to replace card numbers with a token, i.e., a virtual number, specific to a merchant. When a consumer logs into a merchant app or website, where their card details were stored, they only see the last 4 digits of the original card number. At the backend, TSPs will replace the card number with a token, ensuring that card details are not stored anywhere in the value chain, except for issuer banks and the networks. The process makes card-based transactions safer and more reliable. The process of tokenization will be based on consumer consent, validated through an additional factor authentication.
For consumers, who have their card details stored on multiple e-commerce merchants, their card details will be converted into token if they transact before 1 January 2022. Post the deadline, the consumer will have to enter their details one time to convert into tokens. For consumers who are using their card details for the first time on e-commerce apps or websites, RBI has given them a seamless option to provide consent with an additional factor of authentication.