Tokenization drama: A guide for all debit/credit card holders

The TLDR: Starting January 1, you will have to manually enter your card details at every place you shop online—delivery apps included. And you may have to do it repeatedly with a number of merchants if they are not ready for a brand new set of Reserve Bank of India rules—which dictate that companies can no longer store your card data. So get ready for some chaos come New Year’s Day.

Say hello to tokenization

The RBI rules basically state that no one can capture or store your card details except your banks and payment providers like Visa etc. And it has made a new system called ‘tokenization’ mandatory starting January 1. 

How it works now: This is what happens when you go online to buy something. 

• You enter your card details, the website captures your data. 
• Then the company’s payment gateway (Razorpay, eg) initiates a transaction by sending those details to your payment provider—Visa, Mastercard, Rupay etc. 
• Visa et al send those details to your issuing bank or company—which approves the payment.
• So all these companies have your information—and can save it for future or repeat transactions.

Enter tokenization: This merely means that your card details are replaced by a token number. This number is unique to the card you are using and who you are buying from. Next time, if you use a different card—or use the same card to buy from a different merchant—a new token number will be required. 

How it will work from January 1: Merchants and payment gateways have to purge all customer card data from their records by that date. So when you go online, you will ideally do the following (with the emphasis on ‘ideally’):

• Once you hit ‘buy’, the company will ask for your consent to tokenize your card details.
• After you give your consent, the company—or its payment gateway—will send a request to your card company.
• The card company will send a token number—instead of your card number—to the merchant.
• You approve the transaction with a CVV and OTP number.
• The company will save the token number—not your card number—for future transactions.
• Rinse and repeat for every card you use and every online site/app you shop from.

Point to note: Tokenization is already in place for UPI payments. And net banking will work seamlessly as well. This only affects transactions where you use your cards.

And we are doing this because…

The RBI is concerned about the security of your card data—which is shared and stored across multiple websites when you shop online:

“Many entities involved in the card payment transaction chain store actual card details. In fact, some merchants force their customers to store card details. Availability of such details with a large number of merchants substantially increases the risk of card data being stolen. In the recent past, there were incidents where card data stored by some merchants have been compromised/leaked.”

For the promise of far greater security, you have to put up with the one-time hassle of manually entering your details when you shop from a specific company.

As for the online retailers: Supporters of tokenization argue it only requires a technological upgrade to get themselves ready to accept such payments. Also: They no longer have to worry about being hacked. And these merchants are moving to a far superior system currently used by the likes of ApplePay and SamsungPay—which offer frictionless shopping—and enable tools like one-click purchase on Amazon.

Ok, what’s the problem?

Government bans 20 YouTube channels

The effects of the new IT rules (explained here) are beginning to show. Twenty YouTube channels and two websites were taken down for infringing on “the sovereignty and integrity of India.” Government officials claim they were carrying “anti-India content”—and were being run by Pakistani intelligence agencies. Why this matters: "This is for the first time that the emergency powers under the IT Rules, 2021 have been cited to ban anti-India propaganda websites.” (The Telegraph)

South Indian movies kick Bollywood’s ass

Trade experts estimate that movies from the South will have chalked up way more at the box office than Hindi films—thanks to hits like ‘Master’, ‘Vakeel Saab’, ‘Love Story’ and the latest ‘Akhanda’ and ‘Pushpa: The Rise-Part One’. The total estimated revenue: Rs 10 billion (1,000 crore) compared to Bwood’s Rs 4.5 billion (450 crore). Bollywood can only boast of one genuine blockbuster in 2021: ‘Sooryavanshi’—with hopes still pinned on ‘83’. One reason for the gap: theatres opened faster in the South. (Mint)

Speaking of North vs South: The Swiggy 2021 data shows that the top orders in North Indian and Maharashtrian cities were vegetarian—with the exception of Lucknow—while chicken biryani scored high in Bangalore, Chennai and Hyderabad. Biryanis were the most popular item—with over 115 biryanis ordered per minute—but the chicken version is way ahead of its vegetarian cousin. The most binged snack: samosa. The biggest mystery: Veg Pizza McPuff coming in at #2 on Delhi’s list. Indian Express has more details and a city-specific breakdown is here.

Drake slows you down

A new (not very scientific) study looked at the running times clocked by runners listening to different artists. It found that anything by Drake added 21 seconds per kilometre, while his music extended a three-mile run by one minute and 45 seconds. OTOH, Beyoncé‘s music shaved off 33 seconds per kilometre—and two minutes and 45 seconds off a three-mile run. Now, we generally prefer our Bee in pjs and a gallon of wine, but this doesn’t surprise us at all. (NME)

Join our community