Over the past decade, various digital means of transacting have transformed the way we experience commerce worldwide. This evolution has given consumers a greater degree of speed, convenience, and safety in their transactions. Among these, the issue of safety remains a top priority in the payments ecosystem, especially with the rise in digital commerce and the risk of data breach attempts and Man-in-the-Middle (MITM) attacks.
Since 2019, multiple banks and financial services have been victims of data breaches, affecting millions of users. In 2021, the average number of cyberattacks and data breaches increased by more than 15 percent compared to the previous year. These data breaches are only the tip of the iceberg - not only do they expose customer data to malicious actors, but also hurt the company’s business reputation which takes years to build. It is further estimated that by 2030, 74 percent of digital payments worldwide will be made through embedded platforms, with financial services integrated into offerings by non-financial companies. This makes safeguarding consumer data more critical than ever.
Since the early 2000s when RBI allowed smart debit cards, there have been several regulations around card issuance and innovation. Security frameworks such as 2FA (second-factor authentication), online alerts, adoption of PCI DSS compliance, mandating the issuance of EMV chip cards, etc. have been implemented over the last decade. The latest in this line of security innovations is tokenisation.
Tokenisation has been a key focus area for the RBI in the past few years and is a globally proven technology to enhance security while ensuring a more seamless customer experience. Tokenisation ensures that merchants cannot store customer payment data, instead using ‘token’ for payments, which is automatically created by the payment network. As tokenisation masks the actual card number, access to sensitive card information remains limited to issuers and card networks alone, while merchants can only view the network token. It allows consumers to make recurring payments without friction or worrying about updating information when a card has expired or re-issued as the network token, once generated, remains valid for a specific merchant or device.
Tokenisation preserves customer privacy and greatly reduces the possibility of customer data being lost in case of a breach. The robust security of this method has also been permitted for use in contactless payment systems for transactions of up to Rs. 5000.
Tokenisation at work: Transforming your daily payments
There are several payment scenarios where tokenisation facilitates secure and seamless payment transactions. Some of them are:
- Card-on-File Merchant Transactions: Card-on-File Tokenisation (CoFT) where payment tokens are used in lieu of Card-on-File storage for e-commerce transactions
- Device-based Contactless Transactions: In-store contactless payments with device-centric digital wallets used through mobile phones and other devices (e.g., Google Pay, Samsung Pay, etc.)
- Device-based Remote Transactions: Tokens stored in payment apps in a mobile device and used for in-app e-commerce transactions
- Smart Devices Transactions: Payments made with wearables, tablets, or other Internet of Things (IoT) devices. (e.g., smart watches)
The Rise of Embedded Finance
Today, there are a multitude of embedded financial products where customers experience banking services on platforms owned by non-financial companies, underpinned by automation, and cloud payments.
With tap-to-pay and scan-to-pay solutions such as QR codes and virtual cards, consumers have diverse and flexible payment options at their fingertips. Embedded card payments are pivotal in driving e-commerce strategies, creating a frictionless buying journey.
Whether frequent commuters or visitors, open-loop contactless transit solutions enable customers to tap their credit / debit cards or phones to pay for a ride quickly. Companies like Visa are transforming passenger experiences in various countries by making these digital solutions secure.
Payments in an Interconnected Future
As embedded payments continue to grow, the needle points to an interconnected future. We believe that the underlying technology for this future will be led by the Internet of Things (IoT). Some experts predict that IoT-enabled devices around the globe will touch 75 billion by 2025. The growth of IoT and IoT-led payments is going to be explosive as more connected devices and wearable technologies become payment-enabled. With tokenisation, companies can boost consumers’ trust in digital payments with IoT devices while ensuring a fast and frictionless experience.
As tokenisation proliferates among acquiring and issuing banks, and merchants, it will be fundamentally integrated into digital commerce to unlock positive and smooth payment experiences for customers, merchants, and financial institutions, while maintaining the integrity and safety of cardholder data across entities.