Like According to Reserve Bank of India mandate effective October 1, 2022, in fact Card number, CVV and expiration date and any other sensitive information related to the card cannot be stored by the merchant or the aggregator / payment gateway to process online transactions. User need to get their credit/debit card code.
Encryption refers to replacing the actual card number or credit/debit card with an alternate code called “Tokens“. Once generated, these Tokenised card details will be used in place of the actual card number for future online purchases initiated or instructed by the cardholder. Token card transactions are considered more secure. as the actual card details are not shared/stored with merchants to make transactions.
Does the Tokenisation principle apply to both credit and debit cards
Right. Starting October 1, 2022, both debit and credit cards must be Encrypted. Customers do not need to pay any fees when using Tokenising card service, completely free.
What are the benefits of encryption encryption?
The actual card data, tokens, and other relevant details are stored by the Card Issuer and/or authorized card networks in secure encryption. The token requester/merchant cannot store the full token number or any other token details.
How can encryption be done
Step 1: Cardholders can get tokens by making a request on any e-commerce website/app that they want to make a transaction.
Step 2: The token website/app will forward the request directly to the Bank that issued the applicable credit card or Visa / Mastercard / American Expressapproved by the Card Issuing Bank.
Step 3: The party that receives the request from the Token requester, will issue the token corresponding to the combination of the token, the token requester, and the merchant. This means that once encrypted, the customer will see the last 4 digits of the card on the merchant page.
Does card encryption need to be done at every merchant
Right. The token must be unique to the token at a particular merchant. If the customer intends to have tokens on file at different merchants (e-commerce websites/apps), then tokens must be generated at all points of sale. Additionally, customers need to go through this process for all tokens they hold. As mentioned earlier, the token is unique to the combination of the token and the merchant. Customers can request encryption of any number of cards when they wish to make a transaction.
How can users manage their encryption tokens
The bank will provide a portal for cardholders to view and manage encrypted cards. Cardholders can view/delete tokens for respective tokens through this portal. Customers can also call the Phone Banking service to request management of encrypted cards
Does encryption have any impact on the POS transactions cardholders make at the point of sale
No. Encryption is only required to make online transactions.
Who can perform tokenisation and de-tokenisation?
Encryption and de-encryption can only be performed by the card issuer Bank or Visa / Mastercard / American Express who are called authorized card networks.
How the registration process requires encryption
The registration of encryption requirements is done only with the express consent of the customer through Additional authentication factor (AFA), rather than forced/default/automatic selection for checkboxes, radio buttons, etc. Customers will also be given a choice of use cases and set limits.
Encryption refers to replacing the actual card number or credit/debit card with an alternate code called “Tokens“. Once generated, these Tokenised card details will be used in place of the actual card number for future online purchases initiated or instructed by the cardholder. Token card transactions are considered more secure. as the actual card details are not shared/stored with merchants to make transactions.
Does the Tokenisation principle apply to both credit and debit cards
Right. Starting October 1, 2022, both debit and credit cards must be Encrypted. Customers do not need to pay any fees when using Tokenising card service, completely free.
What are the benefits of encryption encryption?
The actual card data, tokens, and other relevant details are stored by the Card Issuer and/or authorized card networks in secure encryption. The token requester/merchant cannot store the full token number or any other token details.
How can encryption be done
Step 1: Cardholders can get tokens by making a request on any e-commerce website/app that they want to make a transaction.
Step 2: The token website/app will forward the request directly to the Bank that issued the applicable credit card or Visa / Mastercard / American Expressapproved by the Card Issuing Bank.
Step 3: The party that receives the request from the Token requester, will issue the token corresponding to the combination of the token, the token requester, and the merchant. This means that once encrypted, the customer will see the last 4 digits of the card on the merchant page.
Does card encryption need to be done at every merchant
Right. The token must be unique to the token at a particular merchant. If the customer intends to have tokens on file at different merchants (e-commerce websites/apps), then tokens must be generated at all points of sale. Additionally, customers need to go through this process for all tokens they hold. As mentioned earlier, the token is unique to the combination of the token and the merchant. Customers can request encryption of any number of cards when they wish to make a transaction.
How can users manage their encryption tokens
The bank will provide a portal for cardholders to view and manage encrypted cards. Cardholders can view/delete tokens for respective tokens through this portal. Customers can also call the Phone Banking service to request management of encrypted cards
Does encryption have any impact on the POS transactions cardholders make at the point of sale
No. Encryption is only required to make online transactions.
Who can perform tokenisation and de-tokenisation?
Encryption and de-encryption can only be performed by the card issuer Bank or Visa / Mastercard / American Express who are called authorized card networks.
How the registration process requires encryption
The registration of encryption requirements is done only with the express consent of the customer through Additional authentication factor (AFA), rather than forced/default/automatic selection for checkboxes, radio buttons, etc. Customers will also be given a choice of use cases and set limits.
