Anyone who has ever bought an item through the e-commerce route, will vouch for what experts have been saying for a few years now: that the country is witnessing an unprecedented digital revolution, which is unlikely to decelerate in the near future. The digital revolution is here to stay, grow and prosper, and so will the online payment mechanism ecosystem.
A revolution that has been sparked by the increased internet penetration in both urban and rural areas, affordable mobile devices, secure transaction environment and a shift in consumer behaviour. The revolution has further fuelled by the Covid-19 epidemic that started last year which has seen an astounding 73 percent increase in spending in Tier I and 400 percent in Tier II and Tier III coupled with preference shift in subscription based services.
Moreover, with the looming threat of third wave is forcing millions of families to stay home and depend on digital world to meet their day-to-day requirements.
However, if the digital revolution is to gather further momentum, capitalise on consumers who make online transactions their priority, two things are need of the hour. One, the need to further enhance the consumer payment experience by making digital payment seamless, and the second, is to protect the consumer’s sensitive financial and personal details from hackers.
According to RBI’s 2019-20 annual report, the number of registered frauds has increased at a compounded annual growth rate (CAGR) of 14 percent while the value of frauds has increased by 34 percent in the past three years.
Keeping these priorities in mind, the RBI on January 8, 2019, issued guidelines for card tokenisation. It stated that banks, with the support of authorized card networks, can offer such services to holders of debit, credit and prepaid cards.
This permission was extended to all use cases/ channels like near-field communication (NFC), magnetic secure transmission (MST), in-app payments, QR code payments or token storage mechanisms like cloud, secure element, trusted execution environment, etc with certain conditions. This facility, however, was only offered through mobile phones/ tablets only. “It’s an extension to other devices will be leveraged later based on experience gained,’’ the RBI circular added.
Simply put, tokenization is the replacement of actual card details with a unique alternate number called “token”, which aims to reduce the risk of loss of sensitive data. It adds a safety layer to digitised payment by replacing the permanent account number (PAN) which assures customers that no sensitive information is lost in case of a security breach
Moreover, reduction in fraud impact on online merchants globally and reporting of low fraud rate in India, not only translates the convenience of tokens but the reassurance of security, especially in those making recurring, one-click or in-app payments.
It enables the financial institutions, merchants and third-party payment providers, secure mobile and online payments without the need to share or store sensitive account information. Also for consumers, there is no change in the way payment is made, instead it brings back trust into the system by removing the complexity in digital transactions.
However, e-commerce players are not relishing the benefit as tokenisation is currently restricted to device-based like mobiles and tablets. So, the merchants and payment aggregators are unable to provide platform-agnostic services.
Tokenisation can also be an easy solution to RBI’s guidelines prohibiting merchants, payment aggregators and payment gateway providers from storing any customer information like card related details. Also, these tokens, if intercepted is of little use as it contains no cardholder information.
On the other hand, RBI guidelines deprive e-commerce players of two key benefits; ejecting from re-entering the card details and helping to execute recurring payments. Thus, it will affect the payment experience of customers across industries like retail, OTT, etc. It will also mean having to make changes in architecture, existing storage and recurring payment functionalities, which will also add extra costs, for e-commerce merchants, payment aggregators and payment gateways.
To bring a balance between ease of payment experience and protecting customer’s data, card-on-file tokenisation should be enabled for e-commerce merchants, payment aggregators and payment gateways as it will ensure seamless customer experience and prevent a high churn rate in customers
Much like the counterparts in Australia, United Kingdom, and the United States, which makes no distinction in implementing tokenisation between use cases like in-app and card-on-file, Indians too expect greater convenience through different devices connected to the cloud technology.
The future of digital payments lies in tokenisation and the earlier we recognise its importance, the easier will be the move to an easy, safe, seamless, and secure payment mechanism and also ensure the government’s goal to move towards a less-cash India.
The author, Ashish Gupta, is Director at Kaizzen Insights. The views expressed are personal
First Published: IST