Tokenization in 2022?

 Our credit card details get stored in more and more places (digital and physical). And periodically we hear of hackings e.g. Domino’s India (1 million card details) and Marriott hotel (exposed 500 million guest records worldwide). But what alternative do we have? In theory, we could key in the card details for each transaction (and turn off the “save card details” option), but that’s too painful…

 

In India, the RBI has come up with a solution - “tokenization”. Setting aside the delay (from 1-Jan to 30-Jun), let’s look at what tokenization means, and how it would help with the data hacks risk.

 

Here is how tokenization would work:

  1. You install the app for the site e.g. Amazon, Myntra, whatever.
  2. When it comes to making the payment, you do not enter your card details. Instead, when you click the payment button, the app places a request to the credit card company (VISA, MasterCard etc) to initiate the payment.
  3. The card company then generates a one-time, unique “token” ID, based on a combo of your card details (which the card company anyway knows) + merchant (Amazon, Myntra) + amount, that is sent to the site.
  4. An OTP is sent to your phone to confirm the payment.

 

With this method, the site doesn’t need your credit card details; and won’t be allowed to ask for them either. How about sites where the card details were already saved? They have to erase the card details from their records. The net result? If the site doesn’t have your card details, there’s no risk to you even if that site gets hacked.

 

Operationalizing this though needs a few steps. First, we would need to link our credit card details to Aadhar (this is to allow the phone to link to the card number, the same way GPay or PayTM links to the bank a/c). Second, this system can only work via the phone and/or tablet, as per RBI guidelines (But this doesn’t seem like anything new to me. After all, even today, the OTP for your online transactions comes to the phone). Third, the credit card companies need to implement this capability (This is something the government can force since it would be the law). Lastly, the various websites need to implement the software to send and receive the “token” from the credit card company.

 

It is the last step which has caused the delay. Not all sites, esp. the smaller players, find it practical or affordable to implement such a software capability. But I am guessing (and hoping) this won’t be insurmountable – it could be solved by the creation of an intermediary who can provide this service (for a fee, probably) to all sites that can’t implement it on their own.

 

Even if the rollout has gotten delayed, this sure sounds like a good step in addressing the risks and concerns of sharing one’s credit card details.

Comments

Post a Comment

Popular posts from this blog

Student of the Year

Image
As a toddler, my daughter loved Alia Bhatt’s songs, esp. the ones from Student of the Year . (That movie did have many good songs and well-choreographed dances). Fast forward to present day, when she is 12 yo. She rarely watches Hindi movies now, but one of the few ones she likes of late, Raja aur Rani ki Prem Kahani has, yes, Alia Bhatt.   If I had any hopes that there was anything to be read in the name of her toddler-time favorite ( Student of the Year ), they have been dashed. Our conversations come exam time are perfectly captured by this photo and its caption: In fact, the pic below captures how she and I look at her answer sheets – me intently, she with an expression of “It’s over, so why are you even looking at it?”   Of late, we pull her leg and tell her that she isn’t showing any signs of academic prowess, she’d better find a rich guy to marry. Some time later, she showed us this meme on the Internet: “Me No Study, Me No Care Me Go Marry Millionaire If He Die
Read more

Animal Senses #7: Touch and Remote Touch

Instinctively, we think touch is based on contact. Not entirely true, explains Ed Yong in Immense World – there’s a more important aspect than contact: “These incredible feats are possible through movement. If you rest a fingertip upon a surface, you can get only a limited idea of its features. But as soon you’re allowed to move, everything changes. Hardness becomes apparent with a press. Textures resolve at a stroke.” As you run your fingers over a surface, they hit the tiny peaks and troughs and set off vibrations in the mechanoreceptors at their tips.   At the tip of its snout, the star-nosed mole has many pairs of hairless appendages. It uses them to touch things around itself. Alive or dead? Food or ignore? It does these movements at an insane speed. In the time it takes to blink our eyes, the star-nosed mole can probe, identify and swallow its food. “Light may be the fastest thing in the universe, but light sensors have their limits, and the star-nosed mole’s sense of
Read more

The Retort of the "Luxury Person"

Image
Coming up with biting and witty retorts. It’s something we dream of, but rarely manage to pull off. Worse, the more we stew over the offending remark, the more likely we are to come up with that dream retort, as Calvin ruefully points out: During our last holiday at the Taj Resort, seeing my wife carrying towels to our poolside chairs, one of the kids there mistook her for a member of the staff and asked for a towel. When my wife narrated this to us, I did not imagine that my 8 yo daughter would come up with her own retort. But a day later, my daughter recapped the incident, an incident that didn’t even involve her in the first place , and said, “You know what I’d have told that kid who asked for the towel?”. And without waiting for an answer, she told us anyway: “I don’t work here. I too am a luxury person who is living at this resort. Go get your own towel.” We were highly amused by the phrase she had coined: “luxury person”. It certainly captures the kind of holid
Read more