Card tokenisation has witnessed exponential growth in India, with over 91 crore tokens issued up to December 2024. These tokens have facilitated over 320 crore transactions, amounting to nearly ₹11 lakh crore, the Reserve Bank of India (RBI) said in a report.
“The adoption of tokens for e-commerce transactions has eliminated the need for merchants and payment aggregators to store actual card data. As a result, nearly 98 per cent of e-commerce transactions are now processed without using the actual card data,” the report said.
What is tokenisation
Tokenisation is the process of substituting actual card details with an alternative code known as a ‘token’. This token serves as a unique identifier for a customer’s card, enabling successful transactions, the RBI says.
- BL Explainer: Tokenisation and its impact on you
It is distinct for each device (device tokenisation) or merchant (card-on-file tokenisation), ensuring that merchants do not store customers’ actual card data. Additionally, this process safeguards customers’ card details in the event of a security breach.
Card tokenisation in India
The RBI first permitted device tokenisation in January 2019 and card-on-file tokenisation (CoFT) in September 2021.
Building on the success of tokenisation, several enhancements have been introduced to further improve customer convenience. These enhancements allow customers to tokenise their cards across multiple prominent merchants simultaneously, with their consent.
“In 2021,MobiKwik’s data breach compromised the sensitive information of more than 3.5 million users, which led the RBI to mandate a forensic audit due to concerns about data security practices,” said Sharat Chandra, Founder, EmpowerEdge Ventures.
“Similarly, the Juspay breach in the same year, resulted in the exposure of transaction data for 100 million users, prompting the RBI to examine cybersecurity across payment systems,” he said.
Cyber security risks
According to Ankush Julka, CEO at Mufinpay (a division of Hindon Mercantile), in October 2022, the RBI implemented a regulation that required businesses, other than the card issuer or network, to stop storing customer card data. This move forced merchants and payment processors to rely entirely on tokenisation, ensuring that consumers’ financial information was never at risk on third-party platforms.
“While exact statistics on tokenised transactions may not be readily available, it’s clear that tokenisation has become a cornerstone of digital payment security in India. Today, most major platforms in the e-commerce and fintech sectors rely on tokenisation, ensuring that customers can make payments without worrying about the security of their personal data. It’s become a trusted way to manage card information without ever storing it on multiple websites,” he said.
Looking ahead, Julka says tokenisation’s role is set to expand beyond e-commerce into contactless payments, recurring transactions and potentially UPI-linked credit card payments.
Comments
aniltikotekar4sme.com 