Tokenisation: Mastercard Takes Digital Payment Security To The Next Level

*This is in partnership with BQ Prime BrandStudio

When using your Mastercard debit or credit card for shopping on e-commerce sites, booking air tickets or ordering a meal, usually you will see great offers for travel, restaurants, shopping, entertainment and sports. These fabulous offers are part of Mastercard's Priceless Specials programme. But recently, you may have noticed the online platform/merchant asking you to tokenise your card. That has left many users wondering what tokenisation is all about and whether they should tokenise their Mastercard.

The simple answer is, tokenise your card right away. Tokenisation is about saving and securing your card, and making digital payments safer, faster and easier for you. For years online platforms or merchants have stored some of your card details in order to ensure a faster checkout experience. While this helped with convenience, when third-party platforms hold your data, they also become targets for hackers for whom your card data is a treasure trove.

While most leading online platforms encrypt card data, in rare cases encryption has been broken. You would remember headlines from other countries about data breaches where attackers have stolen card details of millions of users. To protect Indian cardholders, the Reserve Bank of India (RBI) decided to bring in tokenisation to enhance data security.

What is Tokenisation?

Tokenisation is a technology-driven process of digitally replacing your actual credit and debit card information (which hackers would love to get their hands on) with an alternate piece of data that masks your details and thus transforms data security. This alternate piece of data is known as a ‘token,’ and is unique for each card, token requestor, and device. Since actual card details are not shared with the merchant during the transaction, the merchant doesn’t store any of your card data and hence, tokenised card transactions are deemed safe and secure.

Tokenisation is not about a new card being issued, and your existing Mastercard debit or credit card will not stop working. It is simply about saving and securing your existing card as a token, which can be done for free via Mastercard.

We’ll get a bit technical here, but it is a vital point to understand: Tokenised data, unlike encrypted data, cannot be deciphered and is irreversible. This difference is critical since tokens cannot be returned to their original form without the existence of other, separately stored data. There is no mathematical relationship between the token and its original number. As a result, if a tokenised network or data is breached, the original sensitive data will not be compromised.

How to save and secure your cards through tokenisation?

Thanks to Mastercard, this process is incredibly simple. All you need to do is click the card to tokenise on the merchant website or app, enter the OTP received on your mobile and it’s done. Of course, at the back-end tokenisation is an incredibly complex high-tech process, but for you as a user, it’s as simple as a couple of clicks and keying in an OTP code.

Benefits of tokenisation

Besides safety, thanks to improved, world-class security for your online transactions, tokenisation also enables a faster and easier buying experience as you don't need to key in your 16-digit card number, expiry date, and the CVV each time you buy something online. Mastercard is also providing an attractive benefit for Mastercard customers who want to tokenise their cards on many leading online shopping, food ordering, payment apps, etc, by providing a ₹50 cashback when they tokenise their card.

Can you use untokenised cards for digital payments?

The RBI has set September 30, 2022, as the date by when merchants will have to be compliant with new norms and can no longer store user card data. All your card information will be wiped out from the merchant's app or website, requiring you to tokenise your card. If you have already tokenised, you can continue making payments and buy online without entering card data again. For un-tokenised cards, customers will have manually enter their card details while making purchases. That means you would have type in your name, 16-digit card number, expiry date and CVV each time you make an online purchase. It’s far simpler to just tokenise and buy!

What this means going forward

Aside from customers gaining an additional layer of security on all online transactions, tokenisation is set to benefit merchants and e-commerce business-owners as well and help them focus on their business without worrying about data loss issues. Protection against data breach liabilities and compliance with PCI-DSS are two of the many incentives for merchants to accept tokenisation with arms wide open.

Click here to know how to make you Mastercard safer, faster and smoother.