Tokenisation: A Tool to Avoid e-Payment Frauds


With rapid adoption of digital payments across the globe, pandemic accentuated adoption of digital payments by many first-time users. Per IDC report, In SE Asia alone, digital payments is projected to grow by 162% to $179 billion by 2025. 

There will be 188 million new users of digital payments in South East Asia by 2025, largest markets for digital payments are projected to be Indonesia ($83 billion), Vietnam ($35 billion) and Thailand ($32 billion). Additionally, cash will see a major decline across Philippines, Vietnam and Thailand. As per Google, Temasek Bain & Company 75% of the population across six major Southeast Asian countries have access to internet with majority of them having shopped online at least once with more than 60 million first time users of digital services. 

With growing adoption of digital payments, security is paramount without compromising the user experience or adding friction to the payments flow. To Support booming subscription economy, recurring payments (standing instructions, bill payments, online subscriptions) should be a breeze where customer trusts the merchant and stores his card data on merchant website/app (known as Card on File) at the time of payment enrolment using explicit customer authentication. While customer gets the convenience of not entering payment data every time merchants gets higher success rate minimizing the drop outs at checkout. In such a scenario data protection, security, data governance by merchants is essential while collecting and storing the customer sensitive card data in their own format with varied degrees of security standards. Even one lose-end or the weakest link by any merchant will expose entire customer data in the hands of bad actors, putting entire ecosystem at risk e.g. in case of a breach, customer has to cancel his card, and delete stored card data at all the merchant locations while Issuing banks will have to deal with chargebacks and merchants will face the liability pressure.  

Payment card ‘Tokenization’ could be a silver bullet that precisely tries to address situations envisaged above. In addition to card on file storage it also paves way for many more use cases eg. device based tokenization (storing card credentials securely on the users trusted device) for contactless tap/wave and pay at transit, mobility or fast check out solutions. As devices get connected, IoT is on the rise, embedded, invisible payments will be the future closely coupled with subscriptions wherein your car can make automated payments at toll, pay at a drive or your refrigerator can order groceries automated when the stock depletes.  

Protect your customers today with WIBMO payment gateway plugins 

In India recently RBI (Reserve Bank of India) has mandated that merchants, acquirers and payment gateways should store the customer card information only in a tokenized form, laying ground for Issuers and card networks to provide secure tokenization solutions with customer friendly directive to manage their tokens transparently. This will be a major boost for digital economy while laying strong foundations for data privacy. 

So, what is a token and why is it so secure while being so flexible – Token is an alias/substitute for a real card or payment data that is irreversible and highly secure as compared to encryption which is a reversible process. When merchants implement tokenization to store the card data, every token that is generated for the same card number is unique per merchant which cannot be used at any other merchant. This ensures that any weak link or in case of a data breach, the token is rendered useless by the bad actors. Customer can simply generate a new token only for that merchant while continuing to use their card at other merchant locations. This also takes away the liability shift from merchants whilst minimizing chargebacks for Issuers.  

Taking a cue from India, Issuers can also come up with their tokenization solutions in conjunction with card network to offer their acquirers, payment gateways and merchants a standardized tokenization solution to bring in consistency and security across the ecosystem for not only tokenizing the cards but also tokenize wallets and any sensitive payment handles/identifiers. 

For more information or queries, please write to