By Kalpesh J Mehta
The Indian economy has traditionally been dominated by cash. However, the increased adoption of smartphones together with a favourable regulatory environment are pushing the economy to a less cash-dependent state, and promoting the usage of digital payments. There has been a rapid growth trajectory as India moves to a less cash-dependent state. The value, and volume, of online transactions more than doubled in the last year alone.
Increased adoption of the new mode of online payments increases the need to seek measures to mitigate cyber risk. Globally as well, cybersecurity is a top focus. Keeping this in mind, regulators have increased their focus to ensure a safe and secure environment to promote a cashless economy and further the vision of digitalisation for all. In this scenario, the recent announcement on extending permissions for tokenisation of debit, credit and prepaid card transactions to multiple use-cases/channels enhances the safety of the digital payments ecosystem, and is a welcome move that will be highly beneficial to address the safety concerns of payment channels. The in-app payment landscape would be the greatest beneficiary of this move, as a majority of the mobile app providers stored card details to facilitate e-commerce, and were susceptible to hacks and data loss.
Tokenisation is a highly-secure method of protecting card credentials. It is a process in which sensitive card information is replaced with a randomly generated unique token or symbol. These tokens would ensure that sensitive card data is not transmitted or stored in an unsecure format. The data-centric security approach focuses on substituting the sensitive data with a non-sensitive equivalent that is meaningless or has no value to those who are trying to source the data. The primary advantage of tokenisation is security, and over time it can be integrated with other technologies. Once the transaction goes through, the payment processor sends a confirmation back to the merchant with the randomly generated token identity, which is stored in place of the card data in their system. At no point does card data ever get stored within the retailer’s environment. Further, tokenisation can be the answer to securing not just payments, but other aspects of commerce as well, including the transmission and storage of electronic health records and age verification identity checks, among others.
IT has evolved to become integral with business needs. In order to make sure that the technology is impactful, the platform needs to imbibe a forward-looking enterprise-level architecture, and inventory of technologies against changing cyber threats. There is a need to develop a common vision and an agreement of strategy for focusing efforts since these elements cannot be adopted in a silo. Instead, they have to be deliberately ingrained deeply into the core enterprise architectural fabric, which, in turn, must be driven by a lean, agile and dynamic operating model. Also, interoperability (i.e. transactions between different service providers), similar to that available with digital wallets, needs to be worked on for tokenisation as well, to make it equally attractive and convenient—so that the technology is established and is accepted at all points of sale terminals.
In a majority of the cases, new-age channels and offerings have been layered onto an ageing core infrastructure, which has severely limited their ability to integrate seamlessly and respond to the changing business demands. The most effective way to do this is through understanding operational processes, needs and goals of the business. The tokenisation methodology is modular in nature, and depending on the nature of the risks and risk appetite, applicable requirements and regulations, budget, and timelines, one can prioritise specific phases and activities to meet the data security needs. This ensures that while offering convenience and various payment avenues, the information is safe and not compromised.
-The author is partner, Deloitte India
via Safer way to transact online: Tokenisation of card transactions enhances digital payments ecosystem – The Financial Express