Moneycontrol PRO

Banks, payment ecosystem players gear up for adoption of tokenisation

Banks and payment ecosystem players are gearing up to adopt tokenisation to meet the card-storage deadline by December-end. The tokenisation drive gained pace after the RBI barred merchants and payment aggregators/gateways from storing card data on their servers to prevent fraud and data leakage.

August 30, 2021 / 07:19 PM IST

Banks and payment ecosystem participants are gearing up to roll out tokenisation by the end of the year. The Reserve Bank of India (RBI), on August 25, extended the scope of tokenised card transactions by including consumer devices like laptops, desktops, wearables (wrist watches, bands, etc.), Internet of Things (IoT) devices, etc. Previously, this facility was available only for mobile phones and tablets.

Tokenisation refers to a process that replaces actual card details with an alternate code, called token, ensuring that the card details are at one place.

The tokenisation drive gained pace after the RBI barred merchants and payment aggregators/gateways from storing card data on their servers to prevent fraud and data leakage.

Implementation possible

Bankers and payment ecosystem providers Moneycontrol spoke to said they are confident of scaling up implementation and expect to complete the process by December-end.


A new technology implementation at the grass root level requires over six months, whereas in this case (tokenisation), banks have already implemented tokenisation for Near-Field Communication (NFC) transactions and might just have to add a few configurations as the base platforms are ready, said a senior official from a card network company, requesting anonymity.

NFC payments are contactless payments that use NFC technology to exchange data between readers and payment devices like Google Pay e-wallets in smartphones or tap-to-pay credit and debit cards.

“Card players are already prepared, and, in fact, it is tried and tested, as earlier trials were done only on mobile and tablet devices,” he said.

Tokenised transactions prevent frauds as card details are stored with card networks or issuing banks only.

Vishwas Patel, Chairman, Payments Council of India (PCI), said: “Tokenisation will ensure that smooth checkout can continue without worrying the loss of card details and information at the merchant, payment gateway or at the bank’s end.”

Card details will be stored at the network and issuing bank’s level only, and the transaction will happen through token every time, Patel added. Banks are preparing to roll out their services soon to ensure smooth implementation of tokenisation.

A senior official from a private sector bank said: “We have been working on developing a solution where merchants and payment gateways can benefit from just integrating and using the solution to ensure smooth checkout for their customers.”

On the implementation part, the banker said: “The time frame to implement is not a major constraint, depending on what kind of customer journeys merchants want to build and tokenisation will be with all network providers.”

How tokenisation will help

As tokenisation will essentially prevent card data leakage, it will also bring down the level of frauds.

Tokenisation will ensure that the original card data remains at a safe storage and threats like data leakage and man-in-the-middle scenarios get avoided and transactions remains secured end-to-end, said Bharat Panchal, Chief Risk Officer (CRO) for India, Middle East & Africa, FIS, and former CRO of NPCI.

“As security gets enhanced with the adoption of tokenisation, fraud ratio will significantly come down. Ultimately, banks and customers will benefit,” Panchal added.

Banks will also have to ensure that they do a thoughtful implementation to ensure a seamless rollout due to the nature of the complexity of the technology.

Banks will have to prepare a strong backend ecosystem – be it switch, card system, reconciliation system and overall adoption of tokenisation. Educating customers will be important for banks not only in terms of utility but also design, Ganesh Vasudevan Research Director, Financial insights, IDC India, said.

According to Vasudevan, Design will be the differentiating factor and banks will have to consciously put equal weightage to adoption, irrespective of the major onus being with card networks and ecosystem players.

Patel of PCI is confident that the new directive will ensure that storage of cards will be more secure and help in faster completion of transactions.

“By December 31, we should be ready to smoothly transit to the new regime and we hope to achieve it within the deadline set by the regulator,” Patel added.
Ishan Shah
first published: Aug 30, 2021 06:09 pm
ISO 27001 - BSI Assurance Mark