Why in News:

• The Reserve Bank of India (RBI) has mandated the tokenisation of credit/debit cards for online merchants from October 1. Till then, card details for online purchases were stored on the servers of these merchants in order to help customers avoid keying in their details every time they shopped with that merchant.

What is tokenisation?

• Tokenisation refers to the replacement of actual card details with an alternative code called the ‘token’, which shall be unique for a combination of card and the token requestor (i.e. the entity which accepts the request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token).
  • So, if we use a mobile app or a website for online purchases, the merchant can, on your behalf but only with your explicit consent, raise a request for a token with the card issuing bank or the card network such as MasterCard.
• This way, the RBI will ensure that sensitive details such as card numbers are wiped off merchant sites and replaced by random numbers. 
• Once cards are tokenised, card data would remain only in the records of banks and card companies.

Why is tokenisation necessary?

• It is possible for card thieves to clone your card with a skimmer, a gadget that quietly reads the magnetic strip at the back of your card.
• Similarly, hackers can also break into online websites and mobile apps that store your credit card details. Such data breaches could give con artists access to millions of cards in one go which are then sold on the dark web.

What are present measures to prevent fraud?

• To help lessen the chances of such fraud, some banks have mandated the use of an OTP delivered to the registered mobile number to withdraw cash at ATMs.
• Other banks have enabled the use of their mobile app to allow cash withdrawal without the physical use of cards. 
• Some credit card-issuing banks allow limits per day, per transaction, etc on the bank’s app. The tokenisation mandate of the RBI is a similar exercise in caution.

What are the benefits of tokenisation?

• The RBI says that a tokenised card transaction is safer as the actual card details are not shared with the merchant.
• Even if a hacker/scammer were to get their hands on one’s token number, they would not be able to make indiscriminate use of it.
• The token is useless outside of that merchant’s ecosystem. The token generated upon request for a specific merchant is unique to a specific card number and is usable only on that particular site or mobile app.
• The unique token generated for a specific site is only applicable on that site and nowhere else. And if an undesirable third-party gains access to that specific token and shops within that specific website, the chances of identifying the party are more as their login and phone details would be with the site. 
• However, regardless of whomever you shop with(ex: Amazon/Swiggy), the app should ask your permission to use your credit card details for it to tokenise your card.

References:

1. https://www.thehindu.com/business/companies/how-does-tokenisation-prevent-online-card-fraud/article66023551.ece
2. https://www.thehindu.com/business/watch-business-matters-what-is-tokenisation-of-creditdebit-cards/article66002182.ece
3. https://www.thehindu.com/business/explained-what-is-tokenisation-of-debit-and-credit-cards/article38027437.ece