Tokenization is the newest sensation in the payment domain. According to Sophos, India’s retail industry is currently experiencing exponential growth, with predictions forecasting the local market will reach $1.5 trillion by 2023, growing nearly $700 billion since the start of the decade. This growth exposes retailers and their customers to the increasing possibilities of cyberattacks. In order to safeguard public’s sensitive data, the Reserve Bank of India (RBI) issued guidelines to protect sensitive information or data for credit/debit card transactions via regulations on CoF (Card on File) Tokenization. Recently, RBI extended the deadline for card tokenization till September 30, 2022.
Under the tokenization process, the 16-digit payment card account number is replaced with a unique digital identifier known as a ‘token’ for online transactions. This ensures that there are no data leakage as multiple tokens are issued for the same card payment on different platforms that use tokenization. Because of the random assignment of tokens, even if a website gets breached and the tokens are acquired by the hackers, it is difficult to reverse engineer the accurate card details from it. Since tokenization takes the stagnant data out of the transaction, it is nearly impossible to compromise, which resolves merchants, institutions, and customers’ security concerns.
The responsibility to secure customer’s sensitive information lies with the service provider. When cyberthreats have spiked up across industries, building trust and loyalty with customers require guaranteeing safety of their payments and personal data. 84% of consumers expect companies to be held responsible for ensuring the security of user data and personal information online, as per the latest Deloitte Consumer Review. Data breaches always have a negative impact on customer trust in the affected company.
Tokenization helps protect the business from the negative impacts of data theft. Businesses that accept card payments need to be in compliance with the Payment Card Industry Data Security Standard (PCI DSS), which adds credibility to ensure their customers.
Tokenization has the potential to drive future commercialization through IoT. With transactions linked to digital wallets and secured by a token, every device has the capability to become a payment method. Payment giants such as Visa and Mastercard are already making the transition to tokenization seamless and nearly cost-free. These companies have set the standard that gives every financial institution and merchant the capability to utilize tokenization, with limited costs.
The technology behind tokenization is crucial, from traditional e-Commerce to a new generation in-app payments, tokenization makes paying with the devices easier and safer than ever. When consumers use e-wallets or UPI for payments, their personal card data is stored on their phones as a token. Hence, an additional layer of biometric security comes in play through smartphones. It is a safer payment method for improving user experiences online, through mobile, or in-app.
Tokenization- a ‘Fintech Asset’?
One can witness the boom of blockchain technology-based fintech solutions gaining momentum across the nations. Tokenizing confidential data for turbulence-free digital transactions adds more power to the fintech solutions through blockchain technology.
As a matter of fact, it is expensive and time consuming for merchants to become PCI DSS compliant. However, with the help of ‘tokenization,’ merchants can save a hefty amount of money as PCI DSS compliance helps reduce storing the user’s confidential information. It is also seen as the key to driving blockchain implementation in the future by accompanying cryptocurrency transactions. Merchants will be in a better position to exercise a powerful mechanism that lets them innovate retail experiences without the responsibility of dealing with sensitive data. Tokenizing payments can address concerns of all the parties involved in a transaction process.
As the adoption of tokenization is still at a nascent stage, there are certain areas of concern. Merchants are requiring clarity on some operational areas. The industry is still under prepared in implementing tokenization-related infrastructures, especially stakeholders in the transaction chain such as issuers, acquirer banks, etc. Meeting requirements for tokenization is a multi-layered challenge. While merchants must develop options for end-users to de-register the tokens, the card issuers must provide facilities that enable end-users to view the list of merchants to whom they have registered a token. But that is not enough, as the parallel token service providers must also need to install devices to verify a transaction request from a merchant and a token requestor. In many instances, this may require a ground-up redesign of technology in the payment industry.
However, the solution is much stronger than the initial challenges. And with every new challenge, the possibility of something unique takes the next step. With tokenization, payments and fintech industry is taking a leap towards the next-gen secure payment process.
(The author is Mr. Uday Choudhari, Senior Director, Technology – Synechron and the views expressed in this article are his own)