System ready for tokenisation, says RBI deputy governor T Rabi Sankar

The payments industry is “perfectly ready” for a smooth transition to token-based transactions from October 1, Reserve Bank of India (RBI) Deputy Governor T Rabi Sankar said on Friday, based on the feedback from various stakeholders.

Tokenisation is a back-end process of replacing credit/debit/prepaid card details with a unique set of characters or ‘tokens’. This is expected to secure payments and enable future transactions without exposing sensitive card details like complete card number, card verification value (CVV), and date of expiry. The merchants will have to purge all details stored and apply tokenisation.

Roughly 350 million tokens have been created so far, Rabi Sankar said in the post-monetary policy press conference. In September itself, about 40 per cent of the transactions were undertaken using tokens. The value has roughly been about Rs 60 crore that has been done.

The RBI has been talking to all the stakeholders since it issued the regulations in March 2020 to ensure that the transition happens smoothly.

“Wherever required, we have given extensions. We have given many extensions so that the system is comfortable to switch over because we wanted to make sure that customer safety does not get compromised because of problems faced by the implementation of tokenisation,” Rabi Sankar said.

The initial deadline set for the industry to shift to the new framework was January 1 this year, but it was extended twice till September 30 because transaction processing based on tokens had not gained traction across merchant categories.

Payment industry insiders have suggested that while the success rate of token-based transactions is high, inadequate testing of certain use-cases may result in some transactions not going through. Card issuers have also notified their customers that tokenisation is not applicable to international transactions.

“HDFC bank is live with facilitate token requests and token transactions. Additionally, handling existing e-mandates which are already registered with additional factor authentication (AFA) have been tokenised for most of the Mastercard & Visa cards for future transactions,” said a HDFC Bank spokesperson.

Axis Bank is fully compliant with the new guidelines, said Sanjeev Moghe, President& Head- Cards & Payments, Axis Bank.

“I believe there are a few participants who may not be ready but that would largely be because of their unwillingness to comply and we believe we should hold back efforts to ensure customer protection because of such laggards. They may take some more time but eventually they will come onto the framework soon enough,” Rabi Sankar said.

With the norms kicking in from October 1, only card networks like Visa, Mastercard, RuPay, American Express, and card issuers will have access to customer card details from these tokens. In case customers do not tokenise their cards, they will have to enter all card details (card number, date of expiry, and CVV) to make payments every time they shop online.