Final Project PDF

PROJECT REPORT
ON
“STUDY ON CARD TOKENIZATION IN INDIA”
A Project Submitted to
University of Mumbai for partial completion of the degree of
Bachelor in Commerce (Banking and Insurance)
Under the Faculty of Commerce
By
MISS. SHWETA AJIT REDKAR
Under the Guidance of
ASST. PROF. MRS. TRUPTI KAUTIKWAR
KG JOSHI BEDEKAR COLLEGE OF COMMERCE

And
NG BEDEKAR COLLEGE OF COMMERCE
MARCH 2022
I
Date: 03- 03- 2022
Vidya Prasarak Mandal, Thane

K.G. JOSHI COLLEGE OF ARTS &
N.G. BEDEKAR COLLEGE OF COMMERCE, AUTONOMOUS, THANE.
CERTIFICATE
OF
PROJECT WORK
This is to certify that
Ms. Shweta Ajit Redkar of B.com (B & l) Semester Vl Roll No.
29 has undertaken and completed the project work title “Study on Card
Tokenization in India” during the academic year 2021-2022 under
the guidance of Ms. Asst. Prof. Trupti Kautikwar Submitted on 03-03-2022

to this collage in fulfilment of
BACHELOR OF COMMERCE (BANKING & INSURANCE) UNIVERSITY OF MUMBAI
This is bonafied project work & the information presented is True & original to
the best of our knowledge and belief.
PROJECT COURSE EXTERNAL PRINCIPAL
GUIDE CO-ORDINATOR EXAMINER
II
Declaration by Learner
I the undersigned Miss. Shweta Ajit Redkar here by, declare that the work embodied in this project work
titled “Study on Card Tokenization in India” forms my own contribution to the research work carried out
under the guidance of Asst. Prof. Mrs. Trupti Kautikwar is a result of my own research work and has not
been previously submitted to any other University for any other Degree / Diploma to this or any other
University.
Wherever reference has been made to previous work of others, it has been clearly indicated as such and
included in bibliography.
I, here by further declare that all information of this document has been obtained and presented in accordance
with academic rules and ethical conduct.
Miss. Shweta Ajit Redkar

Name & signature of the learner
Certified by
Asst. Prof. Mrs. Trupti Kautikwar
III
Acknowledgement
To list who all have helped me is difficult because they are so numerous and the depth is so enormous.
I would like to acknowledge the following as being idealistic channels and fresh dimensions in the
completion of this project.
I would like to thank my Principal Dr. Suchitra Naik, for providing the necessary facilities required for
completion of this project.
I take this opportunity to thank our Coordinator Dr. Mrunmayee Thatte, for her moral support and
guidance.
I would also like to express my sincere gratitude towards my project guide Asst. Prof. Mrs. Trupti
Kautikwar whose guidance and care made the project successful.
I would like to thank my College Library, for having provided various reference books and magazines
related to my project.
Lastly, I would like to thank each and every person who directly or indirectly helped me in completion of
the project especially my Parents and Peers who supported me throughout my project.
IV
INDEX
Sr. No. Name of the Chapter Page No.
Chapter 1 Introduction
1.1 Introduction to Digital Payment in India
1.1.1 Introduction 2
1.1.2 Cashless Economy 2
1.1.3 Digital India Programme (Digidhan-Mission) 3
1.1.4 Methods of Digital Payment 4
1.1.5 Benefits of Digital Payment 6
1.1.6 Growth of Digital Payment During Covid-19 7
1.2 Introduction to Payment Card

1.2.2 Two Basic Types of Cards 9
1.2.3 Components of Payment Card 12
1.2.4 Card Issuer 14
1.2.5 Card Network 14
1.2.6 Card Networks in India 14
1.3 Introduction of Tokenisation

1.3.2 Basic Terminology 17
1.3.3 History of Tokenisation 19
1.3.4 Types of Tokenisation 19
1.3.5 Goal of Tokenisation 20
1.3.6 Benefits of Tokenisation 21
1.3.7 Token and Types of Token 22
1.3.8 Card Tokenization 23
1.3.9 Stakeholders Involved in Card Tokenization Transaction 23
1.3.10 Process of Card Tokenization 24
1.3.11 Example of Card Tokenization 25
1.3.12 Impact of Card Tokenization 26
1.3.13 Card Tokenization in India 27
1.3.14 RBI Guidelines for Card Tokenization 28
V
Chapter 2 Research Methodology
2.1 Introduction of the Study 32
2.2 Objectives of Study 32
2.3 Hypothesis 32
2.4 Scope of the Study 33
2.5 Significance of the Study 33
2.6 Limitations of the Study 33
2.7 Sample Size and Techniques 33
2.8 Data Collection Method 34
2.9 Techniques and Tools Used in Research 34
Chapter 3 Literature Review

3.1 Introduction 36
3.2 – 3.29 Review of Literature 36
References 46
Chapter 4 Data Analysis, Interpretation and Presentation

4.1 Introduction of Data Analysis and Interpretation 50
4.2 Introduction of Hypothesis Testing 51
4.3 Data Analysis and Interpretation 52

4.3.1 Gender 52
4.3.2 Occupation 53
4.3.3 Income 54
4.3.4 Age 55
4.3.5 No. of Debit/Credit card does person have 56
4.3.6 Used of Debit/ Credit card for online payment 57
4.3.7 Maximum amount customer prefers to pay through Debit/ Credit card 58
4.3.8 Trust of the customers on Debit/ Credit card security 59
How much customer feel secure while doing online transactions using
4.3.9 60
Debit/ Credit card
4.3.10 Payment method prefer by customers for online purchases 61
No. of people aware that, when they do online card payment, there card
4.3.11 62
details are stored in merchant server
No. of respondents are interested to adopt any security method for
4.3.12 63
secured card details from merchant
4.3.13 No. of respondents interested to tokenized their card 64
4.3.14 Reason behind respondents are not interested to tokenized their card 65
VI
4.4 Testing of Hypothesis 66
Chapter 5 Conclusion and Suggestions

5.1 Findings 70
5.2 Suggestions 71
5.3 Conclusion 71
Bibliography 72
Annexures 73
VII
List of Tables
Table No. Title of Tables Page No.
1.1.1 Financial Year & Volume of Digital Transactions (in Crore) 4

4.1 Gender 52
4.2 Occupation 53
4.3 Income 54
4.4 Age 55
4.5 No. of Debit/Credit card does person have 56
4.6 Used of Debit/ Credit card for online payment 57
4.7 Maximum amount customer prefers to pay through Debit/ Credit card 58
4.8 Trust of the customers on Debit/ Credit card security 59
4.9 60
Debit/ Credit card
4.10 Payment method prefer by customers for online purchases 61
4.11 62
4.12 63
4.13 No. of respondents interested to tokenized their card 64
4.14 Reason behind respondents are not interested to tokenized their card 65
VIII
List of Figures
Figure No. Title of Figures Page No.
1.1.1 Growth in Digital Payment During Covid-19 8

4.1 Gender 52
4.2 Occupation 53
4.3 Income 54
4.4 Age 55
4.5 No. of Debit/Credit card does person have 56
4.6 Used of Debit/ Credit card for online payment 57
4.7 Maximum amount customer prefers to pay through Debit/ Credit card 58
4.8 Trust of the customers on Debit/ Credit card security 59
4.9 60
Debit/ Credit card
4.10 Payment method prefer by customers for online purchases 61
4.11 62
4.12 63
4.13 No. of respondents interested to tokenized their card 64
4.14 Reason behind respondents are not interested to tokenized their card 65
IX
List of Abbreviations
Sr. No. Abbreviations Full Form

1 AEPS Aadhaar Enabled Payment System
2 ACH Automated Clearing House
3 AFA Additional Factor Authentication
4 ATM Automated Teller Machine
5 CoF Card on File
6 CVV Card Verification Value
7 EMV Europay, MasterCard and Visa
8 HCE Host Card Emulation
9 HDFC Housing Development Finance Corporation Limited
10 ICICI Industrial Credit and Investment Corporation of India
11 IoT Internet of Things
12 IMPS Immediate Payment Service
13 KYC Know Your Customer
14 MST Magnetic Secure Transmission
15 NPCI National Payments Corporation of India
16 NFC Near Field Communication
17 OTP One Time Password
18 PAN Permanent Account Number
19 PII Personal Identifiable Information
20 PIN Personal Identification Number
21 PoS Point of Sale
22 PCIDSS Payment Card Industry Data Security Standard
23 QR Quick Response
24 RBI Reserve Bank of India
25 SE Secure Element
26 TSP Token Service Provider
27 USSD Unstructured Supplementary Service Data
28 UPI Unified Payment Interface
X
Chapter 1. Introduction
1
1.1 INTRODUCTION TO DIGITAL PAYMENT IN INDIA:
1.1.1 Introduction:
Digital payments are transactions that take place via digital or online modes, with no physical exchange of
money involved. This means that both parties, the payer and the payee, use electronic mediums to exchange
money.
The Government of India has been undertaking several measures to promote and encourage digital payments
in the country. As part of the ‘Digital India’ campaign, the government has an aim to create a ‘digitally
empowered’ economy that is ‘Faceless, Paperless, Cashless’. There are various types and methods of digital
payments.
Digital payments can take place on the internet as well as on physical premises. For example, if you buy
something from Amazon and pay for it via UPI, it qualifies as a digital payment. Similarly, if you purchase
something from your local kirana store and choose to pay via UPI instead of handing over cash, that also is
a digital payment.
These kinds of transactions have become increasingly prevalent and necessary as consumers move from a
cash-powered economy to a digital one.
1.1.2 Cashless Economy:
Cashless economy is the term that everyone uses to describe the situation where the flow of cash does not
exist within the economy. All the transactions take place through electronic channels. Going cashless eases,
one's life. It also helps formalize the transactions. Further, it helps to curb corruption and also, the flow of
black money results in an increase in economic growth.
In a cashless economy, all transactions are carried out using different types of payment methods and this
does not involve the physical use of money for the purchase of various goods and services.
2
1.1.3 Digital India Programme (DigiDhan Mission):
The Digital India Programme envisions transforming India into a digitally empowered society and
knowledge economy by making available digital governance and digital services to every citizen. Promotion
of digital payments ecosystem is an essential aspect of Digital India Programme and has the potential to
transform Indian economy by extending inclusive financial services.
The Government of India in the Union Budget for 2017-18, announced the setting up of a Mission for
promotion of digital payments with a target of 2,500 crore digital transactions during the financial year
through UPI, USSD, Aadhaar Pay, IMPS and Debit cards.
Consequent upon the allocation of Business Rules vide the Cabinet Secretariat Notification No.1/21/1/2017.
Cab dated 15th February 2017, MeitY was assigned the responsibility of “Promotion of Digital Transactions
including digital payments”. Accordingly, DIGIDHAN Mission was set up at MeitY in June 2017 for
promotion of digital payments, with the following objectives:
➢ Promotion of Digital Payments through all digital payment modes including UPI, USSD, IMPS,
BHIM, Aadhaar Pay and Debit Cards;
➢ Promoting and overseeing the establishment, growth and sustenance of a robust, secure and inclusive
National Digital Payments ecosystem;
➢ Development of convenient digital payment modes and digital payment acceptance infrastructure to
enable seamless digital payments and wider adoption of digital payments by the citizens, across the
country,
➢ Awareness creation about benefits of digital payments through promotional campaign, training and
education,
➢ Evolving and facilitating appropriate standards for efficient, affordable and secure Digital Payments
Services;
➢ Ensuring security of digital payments ecosystem.
The DIGIDHAN Mission has been the primary catalyst to promote the digital payment ecosystem in India.
Digital payments transactions have steadily been increasing since last few years. The total transaction
volume has increased from 1,004 crore in FY 2016-17 to 5,554 crore in FY 2020-21.
3
Table 1.1.1- Financial Year & Volume of Digital Transactions (in Crore)
Financial Year Volume of Transactions (in Crore)
2016-17 1,004
2017-18 2,071
2018-19 3,134
2019-20 4,572
2020-21 5,554
Source: https://www.meity.gov.in/digidhan-mission
1.1.4 Methods of Digital Payment:
➢ Banking Cards (Debit/Credit):

Banking cards offer consumers more security, convenience, and control than any other payment
method. The wide variety of cards available – including credit, debit and prepaid offers enormous
flexibility, as well. These cards provide 2 factor authentication for secure payments e.g., secure PIN
and OTP. RuPay, Visa, MasterCard are some of the examples of card payment systems. Payment cards
give people the power to purchase items in stores, on the Internet, through mail-order catalogues and
over the telephone. They save both customers and merchants’ time and money, and thus enable them
for ease of transaction.
▪ How to get it:
o Provide KYC (Know Your Customer) information to open a new account
o Apply for Card with option of Debit / Credit Card
o Get a PIN
▪ What is required for Transaction?

o PoS terminal or online payment gateway
o Present Card physically or card details for online transaction
o Provide PIN
o Provide OTP (One Time Password) received on registered mobile to complete online
transaction for merchant website.
o Self-service and/or Assisted mode.

4
➢ Unified Payments Interface:
Unified Payments Interface (UPI) is a system that powers multiple bank accounts into a single mobile
application (of any participating bank), merging several banking features, seamless fund routing &
merchant payments into one hood. It also caters to the “Peer to Peer” collect request which can be
scheduled and paid as per requirement and convenience. Each Bank provides its own UPI App for
Android, Windows and iOS mobile platform(s).
▪ How to get it:
o Bank a/c
o Mobile number should be linked with bank a/c
o Smart Phone with internet facility
o Debit Card for re-setting MPIN.
o Smartphone with internet facility
o Registered device only
o Use registered MPIN
o Self Service Mode
➢ Point of Sale:
A point of sale (PoS) is the place where sales are made. On a macro level, a PoS may be a mall, a
market or a city. On a micro level, retailers consider a PoS to be the area where a customer completes
a transaction, such as a checkout counter. It is also known as a point of purchase.
▪ Necessary conditions for service initiation:

o Handheld Device with card and /or bio-metric reader
o Merchant Bank a/c
o Internet connectivity GPRS/ Landline
▪ Service Activation:
o Paper work with Bank for merchant bank a/c
o Deposit certain amount
o Collect device
o Configuration and training to operator

o Any Card
o Resident for bio-metric authentication (AEPS)
5
o Assisted Mode
➢ E-wallet/ Mobile Wallet:

A mobile wallet or e-wallet app or e wallet is an app that consists of your debit and credit card
information which helps the users to pay for goods and services digitally using their mobile devices.
▪ Popular online payment apps or payment apps or e wallet list in India include:
o Paytm
o Google Pay
o Amazon Pay
o JIO Money
o Yono SBI
o Airtel Money
o PhonePe
o ICICI Pockets
➢ Internet Banking:
Internet banking, also known as online banking, e-banking or virtual banking, is an electronic payment
system that enables customers of a bank or other financial institution to conduct a range of financial
transactions through the financial institution's website.
1.1.5 Benefits of Digital Payment:
➢ Faster, Easier, More Convenient:

Perhaps, one of the biggest advantages of cashless payments is that it speeds up the payment process
and there is no need to fill in lengthy information. There is no need to stand in a line to withdraw
money from an ATM or carry cards in the wallet. Also, with the move to digital, banking services will
be available to customers on a 24/7 basis and on all days of a year, including bank holidays. Many
services like digital wallets, UPI, etc, work on this basis.
➢ Economical and Less Transaction Fee:
6
There are many payment apps and mobile wallets that do not charge any kind of service fee or
processing fee for the service provided. The UPI interface is one such example, where services can be
utilized by the customer free of cost. Various digital payments systems are bringing down costs.
➢ Waivers, Discounts and Cashbacks:

There are many rewards and discounts offered to customers using digital payment apps and mobile
wallets. There are attractive cash back offers given by many digital payment banks. This comes as
boon to customers and also acts a motivational factor to go cashless.
➢ Digital Record of Transactions:

One of the other benefits of going digital is that all transaction records can be maintained. Customers
can track each and every transaction that is made, no matter how small the transaction amount this.
➢ One Stop Solution for Paying Bills:

Many digital wallets and payment apps have become a convenient platform for paying utility bills. Be
it mobile phone bills, internet or electricity bills, all such utility bills can be paid through a single app
without any hassle.
➢ Helps Keep Black Money under Control:

Digital transactions will help the government keep a track of things and it will help eliminate the
circulation of black money and counterfeit notes in the long run. Apart from this, this may also give a
boost to the economy as the cost of minting currency also goes down.
1.1.6 Growth in Digital Payment During Covid-19:
The Covid-19 pandemic has taught us one more benefit of digital payments, its role in enabling healthcare.
Equipped with contactless payment modes like UPI QR code, NFC enabled cards digital payments is
complimenting the “new normal” of social distancing. During the coronavirus crisis, digital payments have
been keeping economy running and helping people reduce contact with virus”.
7
Figure 1.1.1 - Growth in Digital Payment During Covid-19
Source: https://www.meity.gov.in/digidhan-mission
1.2 INTRODUCTION TO PAYMENT CARD:
1.2.1 Introduction:
Payment card are part of a payment system issued by financial institutions, such as a bank, to a customer
that enables its owner (the cardholder) to access the funds in the customer's designated bank accounts, or
through a credit account and make payments by electronic account transfer. There are a number of types of
payment cards, the most common being credit cards, debit cards.
Most commonly, a payment card is electronically linked to an account or accounts belonging to the
cardholder. These accounts may be deposit accounts or loan or credit accounts, and the card is a means of
authenticating the cardholder.
8
1.2.2 Two Basic Types of Card:
➢ Debit Card:
A debit card is a bank card used to make payments from your own bank account. Debit cards were
introduced in 1966 and have been around since. They are actually a linked to the cardholder’s bank
account. So, they basically provide an electronic access to the bank account of the cardholder.
Debit cards can be used to conduct online transactions. They can also be used at products or services
at the various point of sales. When you use a debit card it withdraws the balance from your bank
account, i.e., it debits your bank account. So, if there is insufficient balance in the account, the
transaction will be unsuccessful.
Advantages of a Debit Card:
▪ Easy to obtain:
Once you open an account most institutions will issue you a debit card upon request.
▪ Convenience:
Purchases can be made using a contactless or chip-enabled terminal or by swiping the card rather
than filling out a paper check.
▪ Safety:
You don’t have to carry cash or a checkbook.
▪ Readily accepted:
When out of town (or out of the country), debit cards are usually widely accepted (to not have an
interruption in service, make sure to tell your financial institution you’re leaving your city).
Disadvantages of a Debit Card:
▪ No credit allowed:
A debit card is linked to your bank account. There is no possibility of making any transaction on
credit. All transactions and withdrawals are limited to the balance available in your account.
▪ Difficult to dispute fraudulent use:
It is easier to fraudulently use your debit card. In case someone steals the details of your card,
especially the PIN and CVV, the chances of a fraudulent transaction are very high. It is difficult
to dispute such transactions with the bank.
▪ They don’t build your credit score:
9
Since debit cards are directly linked to your checking account, they don’t affect your credit score.
If you’re looking to build your credit history, debit cards won’t help.
▪ Fees:
Using your debit card for ATM transactions may be costly if the ATM is not affiliated with your
institution.
➢ Credit Card:
A credit card is a payment card issued to users (cardholders) to enable the cardholder to pay a merchant
for goods and services based on the cardholder’s accrued debt (i.e., promise to the card issuer to pay
them for the amounts plus the other agreed charges). The card issuer (usually a bank or credit union)
creates a revolving account and grants a line of credit to the cardholder, from which the cardholder can
borrow money for payment to a merchant or as a cash advance.
Advantages of Credit Cards:
▪ Purchasing Power:
Credit cards allow the buyers to use the card for the purchases and pay for the same later. You do
not need to worry about having enough cash in their account as at the time of payment the money
is not going out from your account. Hence, it eases the worry of denting the account balance.
▪ Building a Credit History:
Credit cards help you build a credit history which helps your credit score. Timely payment of the
credit card balance increases your credit score. Banks and financial companies check your credit
history and your repayment habit before lending you a loan. A good credit score improves the
chances of loan approval.
▪ Helps to keep track of spending:
Using a credit card will help keep track on your spending, as there will be electronic record
keeping. You can also identify if there are any fraudulent transactions.
10
▪ Rewards:
Many credit card companies and banks offer rewards programs to promote the regular use of credit
cards. Through these reward points, you can get a discount on goods purchased from partnered
stores.
Disadvantage of Credit Cards:
▪ Credit card fraud:

Disadvantage of using a credit card is credit card fraud. Credit card frauds are on the rise and many
people have lost their money to such frauds. So, you have to be very careful while swiping your
credit card and never reveal your credit card details to anyone.
▪ Leads to overspending:
Credit card might help you in an emergency, but at the same time, it leads to overspending.
Usually, people spend more with the credit card, rather than cash. This is mainly because you will
be given a certain time to pay the amount back. So, you have to be very cautious while spending
with your credit card.
▪ High-interest rate:
If you do not pay your credit card bills on time, you will be charged interest on the outstanding
amounts. The interest rate on credit cards is as high as 3% a month. So, it is advisable to pay off
your credit card bills on time.
▪ Hidden charges:
Credit card has many hidden charges like joining fees, late payment fees, renewal fees, processing
fees and fees for withdrawing cash through credit card. These charges on your credit card might
increase your expenses.
▪ Bad impact on credit score:
While credit card helps improve credit score, at the same time, it can also have a bad impact on
your credit score, if you do not pay credit card bills on time or if you default on card payments.
Having a bad credit score will lead to a lot of problems while taking loans in the future.
11
1.2.3 Components of Payment Card:
➢ The Front of a Payment Card:
▪ Card Issuer:
This is the logo of the financial institution that issues the payment card.
▪ EMV Chip:
The EMV Security chip is an important component of the card. It has the information about the
card that is the card number, validity and cardholder name stored in it. It is a modern way to store
information about the card. It gives high protection from fraud. When the card is swiped the card
reader reads the information and further transaction is processed.
▪ Card Number:
A unique card number is assigned to each cardholder. Usually, the first few digits are the same for
every cardholder according to the card network, the rest of the digits are unique for the customer.
Mostly, the card number is up to 16 digits.
▪ Cardholder Name:
The card applicant will be the card owner and the same name will be printed on the card.
▪ Expiration Date:
The expiration date is in the following form: MM / YY. It is composed of the month and the year
until which the card is valid. The day is never indicated on the cards, but always corresponds to
the last day of the month.
▪ Card Network:
It is the Card Network logo to which this card belongs to: Visa. The card network connects all
participants to a transaction and transports the information necessary for the payments processing.
12
➢ The Back of a Payment Card:
▪ Card Verification Value:

It a very important component of a card along with the security PIN. Every cardholder is given a
unique CVV. Whenever you use a card online for purchases or any transactions, then the
transaction will not be processed without the CVV code.
▪ Magnetic Stripe:
On the backside of a card, a black stripe is present which is called the Magnetic Stripe. Along with
the EMV chip, the card details are stored on the Magnetic stripe as well. If the Magnetic stripe is
completely worn away or dirty, then the card reader or ATM will not be able to read the card. In
this case, you can apply for a new card.
▪ Signature Box:
This is the box where the cardholder must add his signature. In the case of payment with use of
the magnetic strip, the signature makes it possible to verify the identity of the cardholder by
comparing the one in this box with the signature on the receipt or another signature on an identity
document.
▪ Issuer Contact Address:
This is the address where the issuer wants the card to be sent if it is found after a loss, a theft, the
end of validity or other reason.
13
1.2.4 Card Issuer:
Card issuer means the financial institution or company which has provided a card to a cardholder. In simple
terms, card issuer is the bank or NBFC that issues you the card. HDFC Bank, ICICI Bank, SBI Card are a
few examples of card issuers in India.
➢ What card issuers Do?

▪ They review and approve card applications and issue the physical cards.
▪ They set the credit limit on your card in case of credit card.
▪ They set the terms and conditions on individual cards.
1.2.5 Card Network:
Card networks act as the bridge between the card issuers and the merchants. The major card networks in
India are Visa and Mastercard; these cover the major marketplace. Other players are Discover, American
Express and RuPay. Card networks act as the technical backbone of the cards and payment system.
➢ What Card Networks Do?

▪ They determine where your card can be accepted.
▪ They approve and process the transactions.
▪ They act as a payment bridge between the merchant and the bank.
▪ Card payment networks play a major role in processing the transactions. With the use of
technology, they have made transactions quick and easy for the customers.
1.2.6 Card Networks in India:
There are five payment networks current active in India- Visa, Mastercard, RuPay, American Express and
Discover.
14
➢ Visa:
Visa the most dominant card payment network around the world. You can find credit cards and debit
cards branded with Visa. However, Visa does not issue cards on its own nor does it define the fees and
terms and conditions on the cards. It only facilitates electronic fund transfer made using the cards. But
it can offer certain benefits such as concierge and lounge access.
Visa-branded cards can be availed in four variants:
▪ Visa Classic
▪ Visa Gold
▪ Visa Platinum
▪ Visa Signature
▪ Visa Infinite
➢ Mastercard:
Mastercard is another payment network covering around 50% of the market, excluding China. It offers
wide acceptance across the globe covering more countries than Visa. Mastercard, like Visa, does not
issue cards on its own and only processes the payments between banks and retailers thus acting as a
bridge between the two. Mastercard-branded cards would also offer certain benefits including local
and global experiences, lounge access, contactless payments and more.
Mastercard cards can be availed in three variants:
▪ Standard Cards
▪ Platinum Mastercard
▪ World Mastercard
➢ RuPay:
Launched by the National Payments Corporation of India (NPCI), RuPay is the Indian card payment
network. It facilitates electronic payment at domestic level across all banks and financial institutions.
RuPay has also tied up with Discover to extend its services and acceptance at international level.
RuPay-branded credit cards also come with various deals across shopping, travel and retail purchases.
RuPay offers card services through the following variants:
▪ RuPay Select
▪ RuPay Platinum
▪ RuPay Classic
15
➢ American Express:
Unlike the above three, American Express is a network as well as a card issuer. It offers credit cards
and charge cards in India and also provides payment network solutions to other banks.
Some popular American Express cards in India are:
▪ American Express Platinum Reserve Card
▪ American Express Membership Rewards Card
▪ American Express Platinum Travel Card
➢ Discover:
Discover is not just a payment channel; it owns and operates Discover Bank (not operational in India).
Discover offers the card payment services through Pulse Networks and Diners Club International. In
India, you can find Discover-branded cards through the collaboration of HDFC Bank and Diners Club
International.
Some popular Diners Club cards in India are:
▪ HDFC Bank Diners Club Premium Credit Card
▪ HDFC Bank Diners Club Black Credit Card
▪ HDFC Bank Diners Clubmiles Credit Card
▪ HDFC Bank Diners Club Rewardz Credit Card
Except RuPay, all other payment networks operating in India have their headquarters in foreign countries.
No matter wherever you go, the global acceptance feature of the cards will let you make good use of it.
1.3 INTRODUCTION OF TOKENIZATION:
1.3.1 Introduction:
Tokenization is the process of exchanging sensitive data for non-sensitive data called "tokens" that can
be used in a database or internal system without bringing it into scope.
16
Although the tokens are unrelated values, they retain certain elements of the original data commonly
length or format, so they can be used for uninterrupted business operations. The original sensitive data
is then safely stored outside of the organization's internal systems.
Unlike encrypted data, tokenized data is undecipherable and irreversible. This distinction is
particularly important: Because there is no mathematical relationship between the token and its original
number, tokens cannot be returned to their original form without the presence of additional, separately
stored data. As a result, a breach of a tokenized environment will not compromise the original sensitive
data.
The tokenization system provides data processing applications with the authority and interfaces to request
tokens, or detokenize back to sensitive data. Tokenization may be used to safeguard sensitive data involving,
for example, bank accounts, financial statements, medical records, criminal records, driver's
licenses, loan applications, stock trades, voter registrations, and other types of personally identifiable
information (PII).
The choice of tokenization as an alternative to other techniques such as encryption will depend on varying
regulatory requirements, interpretation, and acceptance by respective auditing or assessment entities.
1.3.2 Basic Terminology:
➢ Token:
A token is a piece of data that stands in for another, more valuable piece of information. Tokens
have virtually no value on their own they are only useful because they represent something bigger,
such as a credit card primary account number (PAN) or Social Security number (SSN).
17
Tokenization works by removing the valuable data from environment and replacing it with these
tokens.
➢ De -Tokenization:
Detokenization is the reverse process, exchanging the token for the original data. Detokenization
can be done only by the original tokenization system. There is no other way to obtain the original
number from just the token.
Tokens can be single-use (low-value) for operations such as one-time debit card transactions that
don't need to be retained, or they can be persistent (high-value) for items such as a repeat
customer’s card number that needs to be stored in a database for recurring transactions.
➢ Card on File (Merchant Specific):

Card-on-File tokens are intended for use at a particular merchant or payment processor as a replacement
for Payment Card details. By storing tokens instead of Card Details, merchants and processors can limit
the exposure of their customers to fraud in the event of a data breach.
➢ NFC:
Near field communication is the technology that allows two devices-like your phone and a payments
terminal to talk to each other when they're close together. NFC is the technology that enables
contactless payments
➢ Token Vault:
A token vault is a secure centralized server where issued tokens, and the PAN numbers they represent,
are stored securely. Security is paramount as the token vault is the only area in which the token can be
mapped back to the consumer’s original card details. All token vaults, therefore, must comply with
Payment Card Industry (PCI) specifications.
➢ Secure Element:
SE is a chip that is by design protected from unauthorized access and used to run a limited set of
applications, as well as store confidential and cryptographic data. Secure Element securely stores
card/cardholder data and manages the reading of encrypted data. During a payment transaction it acts
like a contactless payment card using industry standard technology to help authorize a transaction. The
Secure Element could either be embedded in the phone or embedded in your SIM card.
18
➢ Host-Based Card Emulation:
It is an additional method of card emulation that doesn't involve a secure element, called host-based
card emulation. This allows any Android application to emulate a card and talk directly to the NFC
reader. Before HCE, payment cards had to be physically present for a transaction to be carried out
using the in-built Secure Element (SE).
1.3.3 History of Tokenization:
Tokenization has existed since the beginning of early currency systems, in which coin tokens have long
been used as a replacement for actual coins and banknotes. Subway tokens and casino tokens are examples
of this, as they serve as substitutes for actual money. This is physical tokenization, but the concept is the
same as in digital tokenization -- to act as a surrogate for a more valuable asset.
Digital tokenization saw use as early as the 1970s. In the databases of the time, it was used to separate
certain sensitive data from other data being stored.
More recently, tokenization was used in the payment card industry as a way to protect sensitive cardholder
data and comply with industry standards.
The organization Trust Commerce is credited with creating the concept of tokenization to protect payment
card data in 2001. Prior to this, merchants would store credit card data on their own servers which meant that
anyone with system access could view potentially sensitive information. This system eliminated the need for
merchants to store card data themselves, and thus vastly increased the security of cardholder data.
1.3.4 Types of Tokenization:
There are two options for tokenizing information to choose from:
➢ Vault Tokenization:
In vault tokenization, we maintain a secure database called a tokenization vault database, in which we
store the sensitive data, as well as it’s corresponding non-sensitive data. This table of sensitive and
non-sensitive data can be used to detokenize the newly tokenized data.
19
As the data increases, the size of the vault database increases, which in turn increases the processing
time for detokenization. This also increases the detokenization implementation process. To overcome
the disadvantages of vault tokenization, vault less tokenization comes into play.
➢ Vault Less Tokenization:

It is more efficient and safer than vault tokenization, as it does not maintain a database, but instead
uses secure cryptographic devices.
Secure cryptographic devices use standards-based algorithms to convert sensitive data into non-
sensitive data or to generate tokens. For detokenization, these tokens can be used to generate original
data without needing a tokenization vault database.
1.3.5 Goal of Tokenization:
The goal of an effective tokenization platform is to remove any original sensitive payment or personal
data from your business systems, replace each data set with an undecipherable token, and store the
original data in a secure cloud environment, separate from your business systems.
For example, tokenization in banking protects cardholder data. When you process a payment using the
token stored in your systems, only the original credit card tokenization system can swap the token with
the corresponding primary account number (PAN) and send it to the payment processor for
authorization. Your systems never record, transmit, or store the PAN—only the token.
Although no technology can guarantee the prevention of a data breach, a properly built and
implemented cloud tokenization platform can prevent the exposure of sensitive data, stopping attackers
from capturing any type of usable information like financial or personal.
“Usable information” is the key here. Tokenization is not a security system that stops hackers from
penetrating your networks and information systems. There are many other security technologies
designed for that purpose. Rather, it represents a data-centric approach to security that adheres to "zero
trust" principles.
The advantage to cloud tokenization is there is no information available to steal when the inevitable
breach happens. Because of this, it virtually eliminates the risk of data theft.
20
1.3.6 Benefits of Tokenization:
Tokenization can provide several important benefits for securing sensitive customer data:
➢ Data Breach Protection:

Reduce exposure to data breaches by replacing sensitive payment credentials with randomly
generated token numbers. Foster customer trust and loyalty by keeping customer data safe.
➢ Reduced Fraud and Risk:

Payment tokens can be generated according to strict domain controls, aiding with transaction
processing decisions and reducing risk of fraud.
➢ Less Payment Disruptions and Protected Revenue:

Tokens are managed according to a card and device’s latest information and status, eliminating the
need for Card Member’s to manually update card information—helping to provide a quick and
frictionless experience for the customer and reducing payment disruptions for the Merchant.
➢ Reduced PCI Scope:

By storing tokens instead of card credentials, Merchants can minimize the need for PCI compliant
infrastructure and PCI audit requirements.
➢ Speed:
Tokens can allow for automation, which makes completing transactions quicker. In industries such
as blockchain, this is an important benefit.
➢ Increase Data Protection Standards:

By storing tokens and not the sensitive information of the cards, sellers are in a better position to
raise their data protection standards.
21
1.3.7. Token and Types of Token:
A token is a piece of data that stands in for another, more valuable piece of information. Tokens have
virtually no value on their own they are only useful because they represent something bigger, such as
a credit card primary account number (PAN) or Social Security number (SSN). Tokenization works by
removing the valuable data from environment and replacing it with these tokens.
Types of Token:
➢ Format Preserving Tokens:

It maintains the appearance of the 16-digit credit card number. For e.g., Card number: 5945 8612 5953
6391, Format preserving token: 4111 8765 2345 1111.
➢ Non-Format Preserving Tokens:

It not resembles the original credit card number and can include both alpha and numeric characters.
For e.g., Card number: 5945 8612 5953 6391, Non format preserving token: 25c92e17-80f6-415f-
9d65-7395a32u0223.
➢ Single Use Token:

A single-use token is typically used to represent a single transaction, and processes much faster than
multi-use tokens. If you plan to use single-use tokens, expect your data vault to grow exponentially
over time.
“Every time a repeat customer purchases something, a new token will be created in the vault. Because
of this, single-use tokens are far more likely to cause a token collision scenario than multi-use tokens.”
➢ Multi Use Tokens:

A multi-use token always represents the same card number and may be used for multiple transactions.
Every time a payment card is entered into a payment system, the same token is generated and used.
The two most common benefits of multi-use tokens include reducing data vault bloat and data
analytics. Other benefits more specific to the payments space include recurring payment support and
loyalty tracking.
The question of whether to use single-use or multi-use tokens is dependent on 1) an organization’s

need for retaining tokens and 2) plans for storage expansion.
22
1.3.8. Card Tokenization:
Card tokenization is the process of de-identifying sensitive cardholder data by converting it to a string of
randomly generated numbers called a “token.” Similar to encryption, tokenization obfuscates the original
data to render it unreadable in the event of a data breach or other exposure.
In other terms, this is a process of converting your card details into a unique token that is specific to your
card and only to one merchant at a time. This code masks the true details of your card, without which no
one can misuse your card. This token can be saved on the online portal’s server.
1.3.9 Stakeholders Involved in Card Tokenization Transaction:
➢ Customer:
Customer is a card holder who initiate transaction and provides their payment details at a point-of-sale
(POS) system or online checkout form of merchant website.
➢ Token Requester:
Token requestors are entities who initiate the process of tokenization. In order to request tokens from
the Visa Token Service, you must first register with Visa as a token requestor and agree to comply
with Visa's participation requirements and processes. Token Requestors can request payment tokens
for their own use or request shared payment tokens on behalf of Token Users. Some examples of Token
Requestors include digital wallet providers, payment enablers, merchants and IoT manufacturers.
➢ Tokenization Service Provider:

A token service provider (TSP) is responsible for the issuance and management of payment tokens.
Becoming your own TSP reduces costs and increases security as you avoid tokenization fees and
remain the sole guardian of your original card numbers. Also, as you are not dependent on a third party,
you can integrate tokenization services on any mobile form factor and any channel as your strategy
requires. Some examples of Token Service providers include Visa Token Service, Master Card Token
Service.
23
➢ Merchant:
The merchant is a private company selling their products online.
➢ Acquirer Bank:
Acquirer bank is a merchant bank who transmits the token to credit card networks for authorization.
➢ Card Network:
The card network processes the token and maps it to the customer’s account number, authorizes and
passes it to the issuing bank.
➢ Issuer:
Issuer is the cardholder bank who authorizes or denies the transaction based on the fund balance.
1.3.10 Process of Card Tokenization:
Token Service Provider
Customer Merchant (POS) Acquirer Card Network Issuer
Step 1: Credit card holder initiates transaction and enters their card details on the merchant website.
Step 2: Card information goes straight to the tokenization server without storing any data in the
application’s server. A Token Service Provider generated token from the PAN for one time use within
a specific domain. Tokens are sent to the token vault and stored in a PCI-compliant environment which
does not allow merchants to store credit card numbers.
24
Step 3: Tokens are loaded on the mobile device. The NFC mobile device makes a payment at a
merchant’s NFC point-of-sales (POS) terminal.
Step 4: The POS terminal sends the token to the acquiring bank, which sends it to the issuing bank
through the payment network. Acquirer transmits the token to card networks for authorization.
Step 5: Once authorized, token gets matched to customer account details present in bank secure
database.
Step 6: Post successful authorization issuing bank receives decrypted token details and sends
success/failure response to Network.
Step 7: After authorization from the card issuer, the token is returned to the merchant’s POS terminal.
1.3.11 Example of Card Tokenization:
Here is the basic example of how tokenization is done in real life. Sara wants to purchase sport shoes through
online platform. Sara orders a pair of sports shoes on Amazon. After choosing all her preferences, she reaches
the payment section. Let’s see how payment process done using tokenization.
▪ First, she enters the sensitive data on the portal (credit card number, cardholder name, etc.)
▪ This goes straight to the tokenization server without storing any data in the amazon application’s
server
▪ Then it reaches the token vault, where the original data is secure.
▪ It, in turn, returns a token of randomized alphanumeric representation of the same length. This has
no relation to the original data, like in the typical ‘data encryption process.
▪ This token is now passed by the merchant POS terminal to the merchant’s acquirer bank, and this
bank passes the token to the credit card network.
25
▪ Then the card network processes the token and maps it to the customer’s account number, authorizes
and passes it to the issuing bank.
▪ The issuer bank now authorizes or denies the transaction based on the fund balance.
▪ After the successful transaction, a unique token returns to the merchant.
▪ Amazon now has no record of Sara’s sensitive original information but her tokens. In this way,
Amazon can enable Sara to make one-click payments the next time she shops.
Sara is now happy with her brand-new sports shoes while securing her data in the vault. Getting the data from
the vault is not an easy piece of cake. It requires multiple authentication levels, service charges, etc., to verify
if a trusted party raised it.
1.3.12 Impact of Card Tokenization:
➢ Impact of Tokenisation on Online Businesses:

Card tokenisation helps online businesses improve their data security, from the point of data capture
to storage as it eliminates the actual storage of credit card numbers in the POS machines and internal
systems. But the greatest benefit of tokenization is that it minimizes the impact of security breaches
for merchants.
Since merchants are storing tokens instead of credit card numbers in their systems, hackers will acquire
tokens that are of no use to them. Breaches are expensive, and many retailers and banks have
experienced huge losses as a result of data theft. Tokenisation helps minimize this.
➢ Impact of Tokenisation on Customers:

Apart from the comfort that comes with knowing that your card payments is less likely to get hacked,
there’s also the fact that tokenisation is very convenient for customers in the case of fraud or theft.
This works based on the fact that multiple tokens are for the same card payment on different platforms
that use tokenisation. So even if a website you use gets breached and the tokens are acquired by the
hacker/miscreant, it’s difficult to reverse engineer the actual card number from it as access to the
tokenisation logic will also be needed.
26
1.3.13 Card Tokenization in India:
Amidst the rise in cases of financial data leaks in India, the Reserve Bank of India's (RBI) efforts towards
the adoption of a framework of tokenisation of cards in India. An important update to this framework was
notified on September 7, 2021, which enhances the scope of these card tokenisation services.
On January 8, 2019, the RBI issued a circular to permit authorised card payment networks (such as Visa,
Mastercard, Repay and etc.) to offer card tokenisation services to any token requestor subject to certain
conditions as specified in the circular. This was extended to all use cases / channels [e.g., Near Field
Communication (NFC) / Magnetic Secure Transmission (MST) based contactless transactions, in-app
payments, QR code-based payments, etc.] or token storage mechanisms (cloud, secure element, trusted
execution environment, etc.).
However, the facility was limited to certain trusted devices such as mobile phones and tablets. Subsequently,
considering the uptake in volume of tokenised card transactions, the RBI extended the facility to consumer
devices such as laptops, desktops, wearables (wrist watches, bands, etc.), Internet of Things (IoT) devices
and etc. in August, 2021.
The RBI also issued a directive in March, 2021 that banned the storage of customer card credentials, also
known as Card-on-File ("CoF"), by authorised Payment Aggregators and the merchants on-boarded by them
on their database or server. Since many entities involved in the card payment transaction chain and some
merchants also force customers to store card details, these measures were undertaken to minimise the
vulnerable points in the banking system.
In the latest development, vide circular dated September 7, 2021, the RBI has clarified that no entity in the
card transaction/payment chain other than the card issuers and/or card networks shall be permitted to store
actual card data with effect from January 1, 2022. Therefore, it is relevant for entities other than card issuers
and networks to note that previously stored card data would need to be purged. The only exception to this
mandate is the storage of limited data, i.e. the last four digits of the actual card number and the card issuer's
name for transaction tracking and/or reconciliation purposes.
Furthermore, the tokenisation framework has been extended to Card-on-File Tokenisation ("CoFT")
services. The token for this purpose shall be unique for a combination of card, token requestor and merchant.
Card issuers and card network have been permitted to offer card tokenisation services as Token Service
Providers ("TSP").
27
The RBI has provided certain conditions in the circular that facilitate ease of de-registration of tokens. Card
issuers are required to provide customers with the facility (through mobile applications, internet banking, at
branches or Interactive Voice Response) to view the list of merchants in respect of whom the CoFT has
been opted, and to de-register such token. Merchants are also required to provide card holders with an option
to de-register the token. The RBI has emphasised that introduction of tokenisation services will not have
any bearing on the convenience that the customers currently enjoy while transacting.
Keeping in line with the latest RBI circular, Visa launched the first CoFT service for merchants in India on
October 6, 2021 which is available on e-commerce platforms such as Grofers, bigbasket and MakeMyTrip.
Followed by the National Payments Corporation of India which has launched its tokenisation system for
RuPay cards on October 20, 2021.
Since the law on data protection in India still remains in a nascent stage, the RBI's tokenisation measures
for data security are essential to safeguard sensitive data of consumers. However, for a smooth functioning
tokenisation infrastructure, multiple players in the banking system would need to collaborate with one
another, which may pose certain challenges.
1.3.14 RBI Guidelines for Card Tokenization:
Continuing the efforts to improve safety and security of card transactions, Reserve Bank of India had
permitted card networks for tokenisation in card transactions for a specific use case.
Conditions
➢ Tokenisation – de-tokenisation service:
▪ Tokenisation and de-tokenisation shall be performed only by the authorised card network and
recovery of original Primary Account Number (PAN) should be feasible for the authorised card
network only. Adequate safeguards shall be put in place to ensure that PAN cannot be found out
from the token and vice versa, by anyone except the card network. Integrity of token generation
process shall be ensured at all times.
28
▪ Tokenisation and de-tokenisation requests should be logged by the card network and available for
retrieval, if required.
▪ Actual card data, token and other relevant details shall be stored in a secure mode. Token requestors
shall not store PAN or any other card detail.
➢ Certification of systems of card issuers / acquirers, token requestors and their app, etc.
▪ Card network shall get the token requestor certified for (a) token requestor’s systems, including
hardware deployed for this purpose, (b) security of token requestor’s application, (c) features for
ensuring authorised access to token requestor’s app on the identified device, and, (d) other
functions performed by the token requestor, including customer on-boarding, token provisioning
and storage, data storage, transaction processing, etc.
▪ Card networks shall get the card issuers / acquirers, their service providers and any other entity
involved in payment transaction chain, certified in respect of changes done for processing
tokenised card transactions by them.
▪ All certification / security testing by the card network shall conform to international best practices
/ globally accepted standards.
➢ Registration by customer:
▪ Registration of card on token requestor’s app shall be done only with explicit customer consent
through Additional Factor of Authentication (AFA), and not by way of a forced / default / automatic
selection of check box, radio button, etc.
▪ AFA validation during card registration, as well as, for authenticating any transaction, shall be as
per extant Reserve Bank instructions for authentication of card transactions.
▪ Customers shall have option to register / de-register their card for a particular use case, i.e.,
contactless, QR code based, in-app payments, etc.
▪ Customers shall be given option to set and modify per transaction and daily transaction limits for
tokenised card transactions.
▪ Suitable velocity checks (i.e., how many such transactions will be allowed in a day / week / month)
may be put in place by card issuers / card network as considered appropriate, for tokenised card
transactions.
▪ For performing any transaction, the customer shall be free to use any of the cards registered with
the token requestor app.
29
➢ Secure storage of tokens:
▪ Secure storage of tokens and associated keys by token requestor on successful registration of card
shall be ensured.
➢ Customer service and dispute resolution:
▪ Card issuers shall ensure easy access to customers for reporting loss of “identified device” or any
other such event which may expose tokens to unauthorised usage. Card network, along with card
issuers and token requestors, shall put in place a system to immediately de-activate such tokens
and associated keys.
▪ Dispute resolution process shall be put in place by card network for tokenised card transactions.
➢ Safety and security of transactions:
▪ Card network shall put in place a mechanism to ensure that the transaction request has originated
from an “identified device”.
▪ Card network shall ensure monitoring to detect any malfunction, anomaly, suspicious behaviour
or the presence of unauthorized activity within the tokenisation process, and implement a process
to alert all stakeholders.
▪ Based on risk perception, etc., card issuers may decide whether to allow cards issued by them to
be registered by a token requestor
30
Chapter 2. Research Methodology
31
2.1 Introduction of the Study in Short:
The concept of “Card Tokenization” will be mutually beneficial to the banks, customers (cardholder),
merchant and the economy.
Tokenization refers to the replacement of actual card details with a unique alternate code called the “token”.
Tokens serve as reference to the original data, but cannot be used to guess those values. This token masks
the true details of the individual’s card, thereby eliminating scope for misuse.
Tokenization makes the process of accepting payments easier and more secure. Tokenization is more than
just a security technology—it helps create smooth payment experiences and satisfied customers. Once cards
are tokenised, card data would remain only in the records of banks and card companies that why it reduces
risk from data breaches, helps foster trust with customers,
Tokenization does not affect the way you transact. The only addition is to protect cardholder from any
kind of data breaches fraud.
2.2 Objective of Study:
➢ To understand the importance of tokenisation for secure card transaction.

➢ To observe perspective of cardholder towards card tokenization.
➢ To study willingness of cardholder towards tokenization of their card.
2.3 Hypothesis:
On the basis of above-mentioned objectives, the research study aims to test following hypothesis:
H0 : 50% respondents are interested to tokenized their card.
H1 : More than 50% respondents are interested to tokenized their card.
32
2.4 Scope of Study:
➢ To create awareness in the society about card tokenization.

➢ To study need of tokenisation in today’s era.
➢ To study impact of tokenization for smooth and secure card payment.
2.5 Significance of the Study:
➢ The research study is beneficial to bank, customer (cardholder), merchant and economy.
➢ This research study helps to brings awareness among people’s regarding the concept of card
tokenization.
➢ To understand people reactions towards card tokenization.
2.6 Limitations of the Study:
➢ The study is restricted to the Mumbai City only.

➢ The sample size chosen for the customers was only 64 and that may not represent the true picture of
the customers perception towards the card tokenization.
➢ The selection of the people for the questionnaire will be done on the basis of convenient random
sampling.
➢ Time constraint.
➢ Resource constraint.
2.7 Sample Size and Techniques:
For My Research I have taken 64 people as a sample size by using convenient random sampling method.
33
2.8 Data Collection Method:
➢ This research is based on literature review and primary data.

➢ The literature review is related to tokenization.
➢ The primary data is collected through survey (structured questionnaire).
2.9 Techniques and Tools used in Research:
This research used tools and techniques like:
➢ Statistical analysis is an integral and vital part of a research report. In this study the statistical
technique is used i.e., Z test.
➢ For the purpose of various analysis editing, coding, classification, tabulation of the data, figures,
charts and diagram are used as a technique.
34
Chapter 3. Literature Review
35
3.1 Introduction:
This chapter reviews literature review related to the tokenization. The chapter deals with various journal,
newspaper, article, reports, magazines, books, etc. To gain background knowledge of the research topic.
3.2 Kuo, L. H. (2011)1, observed that the popularity of online shopping grows, online payment security
becomes an important issue and discussed the vulnerability of Visa best practices of tokenization. Author
explored a real-world token system and pointed out its weakness, both in standard and in implementation.
Author studies showed that from weak standard and flawed token system, it is possible to crack one credit
card token in months, afterwards break the rest in real-time. Author conclude that the payment card industry
should strengthen their standards and the secure payment service providers also should avoid flawed
implementation.
3.3 Scanio, S. & Glasgow, J. W. (2015)2, discussed the expected impact of different technologies
will have on payment card fraud. According to author, tokenization is viewed as a key component for
improving the security of retail payments and protecting payment credentials by removing them from the
transaction process. This concept has provided the industry with a stronger conform level around security
by combing NFC with a token and cryptogram stored in the secure element, and optional fingerprint
authentication.
3.4 Vishwakarma, P., Tripathy, A. K., & Vemuru, S. (2016)3, observed that the forthcoming
in the mobile payment method is incommensurable as multiple payment strategies being developed will
coincide with mobile payment security, such as tokenization, user and device authentication and cloud-
based secure element. According to author, tokenization has been one of the key security measures being
proposed to make HCE cloud-based mobile payment transactions secure. However, tokenization alone is
not enough to provide secure mobile payments.
36
3.5 Mattsson, U. T. (2009)4, interpreted that tokenization is less about innovative technology and more
about understanding how to design systems and processes that minimize the risk of retaining data elements
with intrinsic (or market) value. By centralizing and tokenizing data, organizations naturally minimize
exposure of data. According to Chief Technical Officer Ulf Mattsson, tokenization can provide measurable
benefits when deployed as part of a risk-based holistic data security solution, but it’s not best suited for
every business - in some cases, the expense and time spent fitting a system and applications for tokenization
may outweigh the benefits.
3.6 Díaz-Santiago, S., Rodríguez-Henríquez, L. M., & Chakraborty, D. (2016)5, observed

that all businesses now have options to receive payments through card; moreover, most organizations store
card information of its customers in some way to enable easy payments in future. Credit card data are a very
sensitive information, and theft of this data is a serious threat to any company. Any organization that stores
credit card data needs to achieve payment card industry (PCI) compliance, which is an intricate process
where the organization needs to demonstrate that the data it stores are safe. According to author tokenization
relieves the merchant from the burden of PCI compliance in several ways. Author analyse the syntax of a
tokenization system and several notions of security for such systems and provide some constructions of
tokenizers and analyse their security.
3.7 Iwasokun, G. B., Omomule, T. G., & Akinyede, R. O. (2018)6, analysed those existing
methods for promoting credit card information security have exhibited confidentiality, privacy and integrity
failures. Based on these findings, author studied the design of an RSA encryption and tokenization-based
system for combating fraud on online credit card transactions. According to author the system requires
cloud-computing technology to function and its main advantages include its ability to ensure non-
repudiation of transaction as well as secrecy of card transaction data or information. Results of its
implementation buttressed its effectiveness, speed efficiency and applicability. Concluded that the system
will deliver very high usability, adaptability and favourable experience for users. Comparative analysis with
related and relevant systems showed its relative advantages and superiority in areas such as credit card
security, key size, mobile alert.
37
3.8 Al-Maliki, O., & Al-Assam, H. (2021)7, studied the EMV contactless payment cards and their
vulnerability of leaking sensitive information such as the cardholder’s name, Primary Account Number
(PAN), and the expiry date of the EMV card. For security purpose author proposed a tokenization technique
to replace the PAN of the actual EMV contactless cards with a token to protect the genuine data from being
sniffed by an attacker and used in the Card-No-Present (CNP) attack or any other attacks. The proposal was
inspired by the implementation of the tokenization in the EMV Mobile payment such as Apple, Google, and
Samsung mobile payments. Author argue that the proposed tokenization technique is easy to adopt and cost-
effective to implement by EMV protocol as it does not require any changes to the infrastructure of existing
payment systems. A vital feature of the proposal is that all the changes in the EMV protocol are at the
personalization phase of the EMV card.
3.9 Nxumalo, Z. C., Tarwireyi, P., & Adigun, M. O. (2014, October)8, analysed that the past
decade has seen an increase in data breaches that target encrypted sensitive information like credit cards,
passwords and health records. A new approach to solving this problem thrives to minimize the storage of
sensitive data in processing environments. Author suggested a privacy-as-a-service mechanism which
makes use of the tokenization technology. It proposes the use of a tokenization service that can be used by
applications to store sensitive data away from the processing environment. Further, author shows that how
the tokenization service can be useful for applications such as e-commerce and e-health where privacy is a
major concern.
3.10 Ahmad, S., Paul, S., & Singh, A. P. (2016, August)9, observed that all business firms have
a huge number of sensitive data that required specific security. Firms and business houses generally prefer
to store these data on cloud environment as cloud environment delivers huge paybacks like reduced cost
and simplicity to access business data in an easy way. Banking institutions and financial companies,
healthcare industry, retail player and government sector strictly pursue appropriate instruction and
guidelines when managing security and sensitivity of business data in cloud environment that comprise
personal data, data for decision support, account related data and health related data. Author presented the
cloud environment related tokenization-based service model to protect sensitive and confidential data at
lesser cost and high performance.
38
3.11 Liu, F. (2016)10, explored that tokenization of sensitive cardholder information in online payment
systems reduces security risks significantly. Because tokens are generated by strong cryptographic
algorithms, they are difficult to reverse engineer and decode. As the trend of digital transactions continues
to grow, cybersecurity of cardholder data is an issue that will affect more users. Tokenization is among one
of the most cost-effective methods out there to balance the security needs of consumers, businesses, and
banks. According to author the major security benefits gained from token usage are worth the additional
effort of adding tokenization in the online payment processing chain.
3.12 Jain, S. D. (2017, October)11, investigated that with the development of cloud computing,
storage of whole world started shifting to the cloud. Management and security of such a large data was very
difficult, to lower the security issues, tokenization was developed, but for maintaining the security and safety
of the tokenization servers, there was need of a strong encryption algorithm. Author suggested that Next
Generation Encryption (NGE) algorithm, a strong encryption and authentication mechanism for maintaining
the confidentiality and integrity of the data which leverages the security and privacy provided by
Tokenization mechanism.
3.13 Ozdenizci, B., Coskun, V., Ok, K., & Karlidere, T. (2015)12, studied the significance of
Tokenization method in Cloud based HCE services in terms of both technical and business aspects. Author
explored that tokenization as a security method has important contributions for promoting HCE based NFC
services. There are diverse standardization efforts (i.e., ASC X9, PCI DSS, Visa, EMVCo) on Tokenization
method especially for payment service domain. In accordance with these standards, author proposed a novel
generic usage model for HCE based NFC services such as loyalty and couponing, access control,
identification and security applications. The proposed model aims to provide secure data service on the
cloud for promoting HCE based NFC services, and uses two-phased Tokenization for providing secure
communication between actors.
3.14 Pujari, C., Muniyal, B., & Kulkarni, A. (2018)13, analysed that India’s major focus is shift
from cash to cashless transaction which is going to bring in drastic change in the world of e-commerce.
According to author, as transaction is a crucial task, the need for security is the prominent factor to consider.
They proposed work aims to revise AES and develop a secure system based on tokenization. This method
39
ensures no relation between actual credit card data and the token generated for it, so all the applications will
be dealing with token but not the actual data. In tokenization there is no need to store token and
corresponding data in a database instead a standard random value table is used to generate token, which
reduces the overhead of storing tokens and ensures reduction in security audit.
3.15 Hassanien, E. D. H., & Elragal, A. (2014)14, evaluated ways that directly contributes to the
resolution of both the data locking and security issues being raised with cloud computing, especially where
confidential data enclosing frameworks are involved. According to author, this has been accomplished
through exploiting a substitute to traditional encryption security approaches, which is tokenization data
security. This non-conventional data security approach stands out for being a data security where the original
texts are protected yet eliminating the mathematical relations between the original text and the cipher-text.
Unlike traditional encryption approaches, tokenization data security articulates ciphering methods where
mathematical operations do not arbitrate how the final cipher-text is produced.
3.16 Noguerol, L. O. (2019)15, defined and provided the functions of echo systems, tokenization, and
blockchain as related to security of information in cyber network. According to author tokenization, moving
target protection technology, biometric authentication, machine learning, artificial intelligence, and
quantum cryptography are not the saviour of the world; but they are helping to keep the balance between
what the “bad” people can do and the limitations they face when trying to compromise the electronic data.
Author represent a huge challenge for those companies trying to get “their pieces of the cake,” if they keep
following traditional approaches for cybersecurity issues.
3.17 Newhouse, W., & Weeks, S. (2016)16, observed that retailers easily gather sensitive data during
typical business activities, such as date of birth, address, phone number, and email address, which can be
used by various internal users and external partners to accelerate business operations and revenue. There
has been an increase in the value of non-credit card, sensitive consumer data on the black market; however,
there are relatively few regulations or standards specific to this topic in the consumer-facing/retail industry
in the United States. Author interpreted that data masking and tokenization will help secure non-credit card,
sensitive consumer data stored during commercial payment transactions, as well as data shared internally
within a retail organization and externally with business partners.
40
3.18 De Vivo, D., & Gamess, E. (2017)17, observed that the need of merchants to adapt to
technological advances is increasing, so they can accommodate to new tendencies such as offering their
products and services via the web and mobile applications. To support these new tendencies of the
commerce, a large number of electronic payment systems has emerged. However, at the moment of
payments, the information of the credit card is entered manually and repetitively when the customer is
making several purchases, which can be stressful and unpractical. For this reason, author proposed a new
application i.e., tokenization to achieve a safe and efficient payment system. Tokenization Service is
intended to generate a token associated with a customer card or a merchant. For each merchant, this system
creates a vault where the information of the customer cards is kept. For each card, a card token is generated
and used as a replacement of the card number.
3.19 Scoping, S. I. G., & Taskforce, T. (2011)18, discussed guidance for payment industry
stakeholders when developing, evaluating, or implementing a tokenization solution, including how
tokenization may impact Payment Card Industry Data Security Standard (PCI DSS) scope. Author observed
that tokens and tokenization solutions can be implemented in numerous ways, and the security or process
controls provided by one solution may not be suitable or applicable to another. Additionally, the assignment
of roles and responsibilities may vary according to the particular solution or deployment method, and all
entities involved should be aware of their obligations for maintaining security controls and protecting
cardholder data. Further author evaluated the level of PCI DSS scope reduction offered by a tokenization
solution will also need to be carefully evaluated for each implementation. For example, locations and flows
of cardholder data, adequacy of segmentation, and controls around de-tokenization and mapping processes
should be reviewed and verified to ensure proper scoping of the CDE and appropriate application of PCI
DSS security requirements.
3.20 Cachin, C., Camenisch, J., Freire Stogbuchner, E., & Lehmann, A. (2017, April)19,
studied that tokenization is the process of consistently replacing sensitive elements, such as credit cards
numbers, with non-sensitive surrogate values. As tokenization is mandated for any organization storing
credit card data, many practical solutions have been introduced. However, all existing solutions are static
yet, i.e., they do not allow for efficient updates of the cryptographic keys while maintaining the
consistency of the tokens. Author observed that this lack of updatability is a burden for most practical
deployments, as cryptographic keys must also be re-keyed periodically for ensuring continued security.
Author introduces a model for updatable tokenization with key evolution, in which a key exposure does
41
not disclose relations among tokenized data in the past, and where the updates to the tokenized data set
can be made by an untrusted entity and preserve the consistency of the data. Further author defines the
desired security properties guaranteeing unlikability of tokens among different time epochs and one -
wryness of the tokenization process.
3.21 Mattsson, U. T. (2010)20, analysed a new approach to tokenize data which eliminates challenges
associated with standard centralized tokenization. Particularly in high volume operations, the usual way of
generating tokens is prone to issues that impact the availability and performance of the data. From a security
standpoint, it is critical to address the issue of collisions caused when tokenization solutions assign the same
token to two separate pieces of data. According to author next generation tokenization i.e. (Distributed
Tokenization) solution addresses all of these issues. In this approach system performance, availability and
scaling are enhanced, numeric and alpha tokens are generated to protect a wide range of high-risk data, key
management is greatly simplified, and collisions are eliminated. This new approach has the potential to
change where tokenization can be used.
3.22 Ogigau-Neamtiu, F. (2016)21, observed that classical solutions for ensuring data security have
consistent limitations in modern platforms due to factors like data sharing requirements, multi-tenancy,
dynamic environment, high availability and reliability requirements, etc. According to author one approach
to address this problem is to implement encryption mechanisms which will provide the required security,
but they depend on substantial investments in hardware and/or software and add supplementary complexity
to those systems. That’s why author analyses tokenization as an alternative strategy for ensuring data
security in modern cloud computing systems. The analysis conducted in this article reveals that tokenization
has a huge potential and can be used in modern organisational environments to overcome encryption and
masking limitations. Tokenization requires reduced IT resources, minimises the impact upon organisation
business processes, limits performance impact and increases organisation collaborative capabilities.
Implementing a tokenization framework in an organisation has to be done based on a consistent strategy
plan.
3.23 Nugier, C., Leblanc-Albarel, D., Blaise, A., Masson, S., Huynh, P., & Piugie, Y. B.
W. (2021, July)22, proposed a solution for tokenization systems for Credit card numbers. They present
42
method for managing tokens in RAM using a table. This system is based on the possibility to keep a full
table of tokens in RAM so that computations are fast enough to guarantee a tokenization within a
100mstimeframe as long as the table is not filled more than 99.87%. Authors refer to their approach as
upcycling as it allows for regenerating used tokens by maintaining a table of currently valid tokens. Further
they compare their approach to existing ones and analyse its security. According to them the main existing
system (Voltage), our table does not increase in size nor slow down over time. Author interpreted that this
proposed satisfies the common specifications of the domain. It is validated by measurements from an
implementation. By reaching 70 thousand tries per timeframe, they almost exhaust the possibilities of the
“8-digit model” for properly dimensioned systems.
3.24 Roy, S., Shovon, A. R., & Whaiduzzaman, M. (2017, December) 23, observed that the
era of technology is now shifting towards the Cloud Computing and today's computation tends to be
provisioned as a service rather than a product. Recently Cloud Computing has become more portable and
flexible in such way so that we call it having a super computer in our pockets. According to author, despite
the potential application of cloud computing, data security is still questionable in privacy issue due to insider
threats and data breaches. After the internet of things (IoT) emerges, in big data arena both data security and
storage optimization at the same time has been a crying need. That’s why author proposed an enhanced
framework of security model including tokenization with a view to eradicating the privacy issue of sensor
data and ensuring storage optimization. Tokenization provides a wider range of security by protecting data
from malicious insider threats or data breaches in cloud. Author analyse that proposed tokenization process
optimizes cloud storage instances as well with a little prior mining in order to convert large data sets into
small ones.
3.25 Bhardwaj, N. (2021)24, discussed the new mandate regarding tokenization & explain how
tokenization could be implemented to manage the new data storage compliance in India, and highlight scope
for fintech businesses. The Reserve Bank of India (RBI) issued a notification in September 2021 on the
changes to the usage mechanism of credit and debit cards by the individuals in India. Previously, the
mandate was from January 1, 2022; it is now extended to June 30, 2022. The RBI has revised its guidelines
on online data storage, affecting digital payments compliance for card issuers and online merchants. i.e.,
RBI is asking online commerce platforms to delete card-on-file credentials. This will affect all online
merchants like Amazon and Flipkart; payment aggregators like Google Pay and Paytm; and streaming giants
like Netflix and Hotstar, among others.
43
3.26 Ozdenizci Kose, B., Ok, K., & Coskun, V. (2016)25, observed that emerging of Host Card
Emulation (HCE) technology, card emulation mode based Near Field Communication (NFC) services have
gained further appreciation as an enabler of the Cloud-based Secure Element (SE) concept. A
comprehensive and complete architecture with a centralized and feasible business model for diverse HCE-
based NFC services will be highly appreciated, particularly by Service Providers and users. To satisfy the
need in this new emerging research area, author suggested tokenization-based communication architecture
for HCE-based NFC services. The proposed model aims to provide an efficient authentication mechanism
for both users and Service Providers through a Two-Phased Tokenization model and enables NFC
Smartphone users to store, manage, and use their sensitive data on the Cloud for NFC services. Further
author validates the proposed architecture by providing a case study on access control. We further evaluate
the usability aspect in terms of an authentication scheme. According to author, with an efficient
authentication using the Two Phased Tokenization model, the proposed communication architecture
provides a centralized, win-win business model for promoting diverse card emulation-based NFC services.
3.27 Alliance, S. C. (2014) 26, presented three technologies (EMV, encryption and tokenization) that
work in tandem to protect those businesses processing credit and debit cards against card fraud and discuss
of how payments industry implements these three technologies together to secures the payments
infrastructure and prevents payment fraud. According to author, payment’s stakeholders seeking to reduce
cost and complexity but facing limited budgets should optimize implementation based on the benefits of
each technology. Author analyse that, low-value-ticket card-present merchant may have very few
chargebacks and may not be worried about counterfeit cards. So, they focus on the encryption of data in
transit and at rest, a high-value-ticket card-present merchant may be most concerned about counterfeit cards.
The investment focus would be on EMV first and encryption of data in their network, a large e-commerce
retailer’s investment focus may be first on tokenization with cardholder authentication, and securing e-
commerce transactions. Encryption of data on its way to the acquirer or processor would be another priority,
face-to-face merchants with complex environments that have a need to use card data for purposes in addition
to authorization may wish to include an acquiring tokenization solution with encryption and EMV in order
to ensure that they can securely replace sensitive card data throughout their systems as needed.
3.28 Alexander, P. (2017) 27, observed that ACH transaction is a safest, efficient electronic funds
transfer between bank accounts using a batch processing system but with the increasing movement toward
an electronic, interconnected and mobile infrastructure, it is critical that electronic payments work safely
44
and efficiently for all users. Even though the National Automated Clearing House Association (NACHA)
requires ACH participants to use commercially reasonable encryption and authentication procedures, the
risks associated with employee error or negligence, physical theft, and insider theft of data remain
substantial. That’s why author suggested the use of Multi-Step Tokens in life cycle of ACH transactions
lower the risk of sensitive data exposure. Author analysis that multi-step tokenization can be used to generate
and validate unique transaction path as a function of the transaction origin number, originating depository
financial institution, Standard Entry class, Receiving depository financial institution and account number.
Even if the account or token value gets misplaced, the data will be of no use to the person having the
information.
3.29 Maji, P. (December 20, 2021)28, studied that how tokenization will benefit consumers at large
to adopt digital payments. Author studied that tokenization essentially means that the 16-digital card number
is replaced by a unique code or ‘token’ – useful for mobile or online transactions. This devaluation of
sensitive data that tokenization facilitates, helps to mitigate any risks of security breaches. Author studied
that tokenization does not affect the way you transact. Everything that you do towards making a digital
transaction will remain the same. The only addition is the protection that tokenization provides customers
who opt for tokenization can complete transactions without having to input their card details every time they
make a transaction. Overall, it is a step up towards consumer convenience and preventing cases of fraud.
45
References
1. Kuo, L. H. (2011). “Cracking Credit Card Number Tokenization. Computer Science Department”
University of Wisconsin-Madison.
2. Scanio, S. & Glasgow, J. W. (2015). “Payment Card Fraud, Data Breaches, and Emerging Payment
Technologies” Fidelity Law Journal, 21.
3. Vishwakarma, P., Tripathy, A. K., & Vemuru, S. (2016). “A hybrid security framework for near field
communication driven mobile payment model” International Journal of Computer Science and
Information Security (IJCSIS), 14(12).
4. Mattsson, U. T. (2009). “Analysing the Security, Compliance and Cost Benefits of

Tokenization” Compliance and Cost Benefits of Tokenization (April 30, 2009).
5. Díaz-Santiago, S., Rodríguez-Henríquez, L. M., & Chakraborty, D. (2016). “A cryptographic study of

tokenization systems” International Journal of Information Security, 15(4), 413-432.
6. Iwasokun, G. B., Omomule, T. G., & Akinyede, R. O. (2018). “Encryption and tokenization-based
system for credit card information security” International Journal of Cyber Security and Digital
Forensics, 7(3), 283-293.
7. Al-Maliki, O., & Al-Assam, H. (2021). “A tokenization technique for improving the security of EMV
contactless cards” Information Security Journal: A Global Perspective, 1-16.
8. Nxumalo, Z. C., Tarwireyi, P., & Adigun, M. O. (2014, October). “Towards privacy with tokenization
as a service” In 2014 IEEE 6th International Conference on Adaptive Science & Technology (ICAST).
9. Ahmad, S., Paul, S., & Singh, A. P. (2016, August). “Tokenization based service model for cloud
computing environment” In 2016 International Conference on Inventive Computation Technologies
(ICICT) (Vol. 3, pp. 1-7).
10. Liu, F. (2016). “Analysis of Tokenization in Digital Payments” Cyber Security Fall 2016 Final Paper.
11. Jain, S. D. (2017, October). “Enhancing security in Tokenization using NGE for storage as a service”
In 2017 1st International Conference on Intelligent Systems and Information Management (ICISIM).
46
12. Ozdenizci, B., Coskun, V., Ok, K., & Karlidere, T. (2015) “Significance of Tokenization in Promoting
Cloud Based Secure Elements”.
13. Pujari, C., Muniyal, B., & Kulkarni, A. (2018). “A Tokenization System to Secure Critical Data”
International Journal of Engineering and Technology (UAE), 7(41).
14. Hassanien, E. D. H., & Elragal, A. (2014). “Business intelligence in cloud computing: A tokenization
approach” In Proceedings of the 7th IADIS International Conference Information Systems 2014, IS 2014.
15. Noguerol, L. O. (2019). “Are Tokenization, Moving Target Protection Technology, Biometric
Authentication, Machine Learning, Artificial Intelligence, and Quantum Cryptography the saviours on
the cybersecurity war?” Journal of IT and Economic Development, 10(1).
16. Newhouse, W., & Weeks, S. (2016). “Securing Non-Credit Card, Sensitive Consumer Data: Consumer
Data Security for the Retail Sector” National Institute of Standards and Technology.
17. De Vivo, D., & Gamess, E. (2017). “Application to Quickly and Safely Store and Recover Credit Card’s
Information, using Tokenization and Following the PCI Standards”.
18. Scoping, S. I. G., & Taskforce, T. (2011). “Information Supplement: PCI DSS Tokenization Guidelines”
Standard: PCI Data Security Standard (PCI DSS), 24.
19. Cachin, C., Camenisch, J., Freire Stogbuchner, E., & Lehmann, A. (2017, April). “Updatable
tokenization: Formal definitions and provably secure constructions” In International Conference on
Financial Cryptography and Data Security (pp. 59-75). Springer, Cham.
20. Mattsson, U. T. (2010). “A New Scalable Approach to Data Tokenization” Available at SSRN 1627284.
21. Ogigau-Neamtiu, F. (2016). “Tokenization as a data security technique” Zeszyty Naukowe AON.
22. Nugier, C., Leblanc-Albarel, D., Blaise, A., Masson, S., Huynh, P., & Piugie, Y. B. W. (2021, July). “An
Upcycling Tokenization Method for Credit Card Numbers” In International Conference on Security and
Cryptography (SECRYPT).
23. Roy, S., Shovon, A. R., & Whaiduzzaman, M. (2017, December). “Combined approach of tokenization
and mining to secure and optimize big data in cloud storage” In 2017 IEEE Region 10 Humanitarian
Technology Conference (R10-HTC) (pp. 83-88). IEEE.
47
24. Bhardwaj, N. (2021). “What is Card Tokenisation and Why is its Compliance in India an Opportunities
for Fintech?”. India Briefing.Maji, P. (December 20, 2021). “RBI’s Dec 31 deadline on tokenization:
What does it mean for you?”.
25. Özdenizci Köse, B., Ok, K., & Coşkun, V. (2016). “A tokenization-based communication architecture
for HCE-Enabled NFC services” NFC Lab-Istanbul, Department of Information Technologies, ISIK
University, 34980 Istanbul, Turkey.
26. Alliance, S. C. (2014). “Technologies for payment fraud prevention: EMV, encryption and tokenization”.
27. Alexander, P. (2017). “Multi-Step Tokenization of Automated Clearing House Payment Transactions”
University of South Florida.
28. Maji, P (December 20,2001). “RBI’s Dec 31 deadline on tokenization: What does it mean for you?”
48
Chapter 4. Data Analysis, Interpretation and
Presentation
49
4.1 Introduction of Data Analysis and Interpretation:
➢ Data Processing:
Data processing is a crucial stage in research. After collecting the data from the field, the researcher
has to process and analyse them in order to arrive at certain conclusions which may confirm or
invalidate the hypothesis which he had formulated towards the beginning of his research worth. Data
processing consists of editing, coding, and tabulation. It is an intermediary stage between the collection
of data and their analysis and interpretation.
▪ Editing:
Editing is the process of examining the data collected in a survey to detect errors and omissions
and to see that they are corrected and the schedules prepared for tabulation is known as editing.
Editing involves routing task of checking the filled questionnaire.
▪ Coding:
Coding is considered as the classification process. The purpose of coding is to classify the answer
in a question into meaningful categories which is necessary for tabulation. Coding aims at
summarising the survey answers so that the handling of such data is made easy for further analysis
and their essential pattern is brought out.
▪ Tabulation:
It is one of the most important methods of presenting the classified data in a meaningful and
systematic fashion. It is the process of logical listing of the classified data in the form of a table
containing horizontal rows and vertical columns with all the necessary descriptions.
➢ Data Analysis:
Data analysis is the process of cleaning, changing, and processing raw data, and extracting actionable,
relevant information that helps businesses make informed decisions. The procedure helps reduce the
risks inherent in decision-making by providing useful insights and statistics, often presented in charts,
images, tables, and graphs.
➢ Data Interpretation:
Interpretation refers to the task of drawing inferences from the collected facts after an analytical or/and
experimental study. Interpretation is the device through which the factors that seem to explain what
50
has been observed by researcher in the course of the study can be better understood and it also provides
a theoretical conception which can serve as a guide for further research.
4.2 Introduction of Hypothesis Testing:
Hypothesis testing is a systematic procedure for deciding whether the results of a research study support a
particular theory which applies to a population.
Hypothesis testing uses sample data to evaluate a hypothesis about a population. A hypothesis is an
assumption about a population parameter. It is a statement about the population that may or may not be true.
Hypothesis testing aims to make a statistical conclusion about accepting or not accepting the hypothesis.
Statistical analysis is an integral and vital part of a research report. For my study I was used statistical
analysis techniques i.e., Z-test.
➢ Z-test:
▪ It is a statistical tool used for the comparison or determination of the significance of several
statistical measures, particularly the mean in a sample from a normally distributed population or
between two independent samples.
▪ Z-test-test is generally performed in samples of a larger size (n>30).
▪ Z-test is performed on samples that are normally distributed.
▪ Z-test is more convenient as it has the same critical value for different sample sizes.
▪ In a normal distribution, the average is considered 0 and the variance as 1.
▪ In addition, to mean, Z-test can also be used to compare the population proportion.
51
4.3 Data Analysis and Interpretation:
4.3.1 Gender:
Table 4.1 Gender:
Gender No. of Responses No. of Responses (in%)
Male 22 34.4
Female 42 65.6
Total 64 100
Figure 4.1 Gender:
Interpretation:
➢ Above figure shows the gender of the respondents.

➢ Out of 64 responses, 22 respondents were male and 42 respondents were female.
➢ It reveals that maximum number of responses were received from female i.e., 65.6%.
52
4.3.2 Occupation:
Table 4.2 Occupation:
Occupation No. of Responses No. of Responses (in%)
Students 21 32.8
Self Employed 2 3.1
Salaried Job 36 56.3
Housewife 1 1.5
Unemployment 4 6.3
Total 64 100
Figure 4.2 Occupation:
1.5%
6.3%
3.1%
Interpretation:
➢ Above figure shows that, the occupation of the respondents.

➢ It reveals that, the maximum number of responses were received from salaried employees i.e., 56.3%.
53
4.3.3 Income:
Table 4.3 Income:
Income (Annually) No. of Responses No. of Responses (in%)
Less than 2,00,000 16 25
2,00,000-5,00,000 18 28.1
5,00,000-10,00,00 10 15.6
Nil 20 31.3
Total 64 100
Figure 4.3 Income:
Interpretation:
➢ Above figure shows the income level of the respondents.

➢ It shows that, approximately all the income level group used card i.e., usages of card not so much
depend on income of the cardholder.
54
4.3.4 Age:
Table 4.4 Age:
Age No. of Responses No. of Responses (in%)
18 to 25 46 71.9
26 to 35 12 18.8
36 to 45 3 4.7
46 & above 3 4.6
Total 64 100
Figure 4.4 Age:
4.7 %
4.6%
Interpretation:
➢ Above figure shows, the age group of the respondents.

➢ It interpreted that; maximum number of responses were received from age group of 18 to 25 i.e.,
71.9%.
55
4.3.5 No. of Debit/Credit card does person have:
Table 4.5 No. of Debit/Credit card does person have:
No. of Debit/ Credit

No. of Responses No. of Responses (in%)
Card
1 30 46.9
2 21 32.8
3 11 17.2
More than 3 2 3.1
Total 64 100
Figure 4.5 No. of Debit/Credit card does person have:
3.1%
Interpretation:
➢ Figure 4.5 shows that, the no. of Debit/Credit card does person have.
➢ Out of 64 respondents, 30 respondents have at least 1 card, 21 respondents have 2 cards, 11
respondents have 3 cards and 2 respondents have more than 3 card.
➢ It reveals that the half of the respondents have more than one card because it’s convenient to use and
there are variety of card issuer whose offer different benefits (like purchase discount) to the
cardholder apart from transaction.
56
4.3.6 Used of Debit/Credit card for online payment:
Table 4.6 Used of Debit/Credit card for online payment:
Used No. of Responses No. of Responses (in%)
Mostly 27 42.2
Rarely 30 46.9
Not at All 7 10.9
Total 64 100
Figure 4.6 Used of Debit/Credit card for online payment:
Interpretation:
➢ Above figure shows the used of Debit/Credit card for online payment.
➢ Out of 64 respondents, 57 respondents used Debit/Credit card for online payment and 7 respondents
not used the cards for online payment.
➢ But out of 57 respondents, 27 respondents used it mostly i.e., regularly whereas 30 respondents used
it rarely.
➢ It interpreted that, there are many benefits of using card still some people are not at all to prefer cards
for online payment
57
.4.3.7 Maximum amount customer prefer to pay through Debit/Credit Card:
Table 4.7 Maximum amount customer prefer to pay through Debit/Credit Card:
Amount No. of Responses No. of Responses (in%)
Less than 1,000 11 17.2
1,000- 3,000 22 34.4
3,000-10,000 17 26.6
More than 10,000 14 21.9
Total 64 100
Figure 4.7 Maximum amount customer prefer to pay through Debit/Credit Card:
Interpretation:
➢ Above figure shows the maximum amount customer prefer to pay through Debit/Credit card.
➢ Out of 64 respondents,11 respondents prefer less than 1,000, 22 respondents prefer 1,000-3,000, 17
respondents prefer 3,000-4,000 and 14 respondents prefer more than 10,000 pay through Cards.
➢ It realised; some people are use card for day-to-day transaction whereas some people are like to use it
for bigger amount of transactions.
58
4.3.8 Trust of the customers on Debit/ Credit card security:
Table 4.8 Trust of the customers on Debit/ Credit card security:
Answers No. of Responses No. of Responses (in%)

Yes
39 60.9
No 4 6.3
Doubtful 21 32.8
Total 64 100
Figure 4.8 Trust of the customers on Debit/ Credit card security:
6.3%
Interpretation:
➢ Above figure shows that, trust of customers on Debit/ Credit card security.
➢ Out of 64 respondents, 39 respondents think that Debit/Credit card are secure, 4 respondents think
that they are not secure and 21 respondents doubtful about it’s security.
➢ It reveals that more than half of the respondent’s trust that Debit/ Credit card are secure kind of
transaction.
59
4.3.9 How much customer feel secure while doing online transaction using Debit/ Credit card:
Table 4.9 How much customer feel secure while doing online transaction using Debit/ Credit card:
Security Review No. of Responses No. of Responses (in%)

Completely Secure
22 34.4
Somewhat secure 40 62.5
Not at all secure 2 3.1
Total 64 100
Figure 4.9 How much customer feel secure while doing online transaction using Debit/ Credit card:
3.1%
Interpretation:
➢ Above figure shows that, how much customer feel secure while doing online transaction using Debit/
Credit card.
➢ Out of 64 respondents, 22 respondents feel complete secure while doing online transaction using
Debit/ Credit card ,40 respondents feel somewhat secure but 2 respondents feel not at all secure.
➢ It reveals that most of the customers trust that Debit Credit card are secure but they are not feeling
completely secure while doing online transaction.
60
4.3.10 Payment methods prefer by customers for online purchases:
Table 4.10 Payment methods prefer by customers for online purchases:
Mode of Payment No. of Responses No. of Responses ( in %)
Cash on Delivery 27 42.2
Debit/ Credit Card 31 48.4
E- wallet 29 45.3
UPI 26 40.6
Figure 4.10 Payment method prefer by customers for online purchases:
Interpretation:
➢ Above figure shows that, payment methods prefer by customers for online purchases.
➢ It reveals that, most of the customers prefer Debit/ Credit card for online payment as compared to
other payment methods.
➢ It shows that usage of card payment for online purchases is increasing as compared to other methods.
61
4.3.11 No. of people aware that, when they do online card payment, there card details are stored in
merchant server:
Table 4.11 No. of people aware that, when they do online card payment, there card details are stored
in merchant server:

Yes
38 59.4
No 26 40.6
Total 64 100
Figure 4.11 No.of people aware that, when they do online card payment, there card details are stored
in merchant server:
Interpretation: -
➢ Above figure shows that how many no. of people aware that, when they do online card payment,
there card details are stored in merchant server.
➢ Out of 64 respondents, 38 respondents are aware about it and 26 respondents are not aware about it.
62
4.3.12 No. of respondents are interested to adopt any security method for secured card details from
merchant:
Table 4.12 No. of respondents are interested to adopt any security method for secured card details
from merchant:

Yes
56 87.5
No 8 12.5
Total 64 100
Figure 4.12 No. of respondents are interested to adopt any security method for secured card details
from merchant:
6.3%
Interpretation:
➢ Above figure shows that, no. of respondents are interested to adopt any security method for secured
card details from merchant.
➢ Out of 64 respondents, 56 respondents are interested to secured their card details from merchant by
adopting any security method.
➢ But Still 8 respondents are not interested to secured their card details.
63
4.3.13 No. of respondents interested to tokenized their card:
Table 4.13 No. of respondents interested to tokenized their card:
Answer No. of Responses No. of Responses ( in %)
Yes 39 60.9
No 25 39.1
Total 64 100
Figure 4.13 No. of respondents interested to tokenized their card:
Interpretation:
➢ Above figure shows that, no. of respondents interested to tokenized their card.
➢ Out of 64 respondents, 39 respondents are interested to tokenized their card and 25 respondents are
not interested to tokenized their card.
➢ It reveals that there is high future scope for tokenization in India.
64
4.3.14 Reason behind respondents not interested to tokenized their card:
Table 4.14 Reason behind respondents not interested to tokenized their card:
Reasons No. of Responses No. of Responses (in%)
Lack of Awareness 15 60
Will Think of it in Future 8 32
Prefer another Mode of Payment 2 8
Total 25 100
Figure 4.14 Reason behind respondents not interested to tokenized their card:
Interpretation:
➢ Above figure shows that, the reasons behind respondents not interested to tokenized their card.
➢ Out of 25 respondents, 15 respondents are not interested because of lack of awareness, 8 respondents
will think about it in future and 2 respondents not interested because they like to prefer another mode
of payment instead of card tokenization.
65
4.4 Testing of Hypothesis:
The hypothesis for the study is formed as below:
H0: 50% respondents are interested to tokenized their card.
H1: More than 50% respondents are interested to tokenized their card.
★ Taken into consideration that population of respondents have lack of knowledge about tokenization.
Testing of Hypothesis using Z-test:
➢ Hypothesis:
Null Hypothesis:
H0: p = 0.50 (It implies that 50% respondents are interested to tokenized their card.)
Alternate Hypothesis:
H1: p > 0.50 (It implies that more than 50% respondents are interested to tokenized their card.)
➢ Formula:
Where,
P - population assumed proportion
p - sample proportion
66
n – sample size.
➢ Taking sample for testing above hypothesis:
Table (For testing H0)
Answer No. of Responses No. of Responses ( in %)

No. of respondents
interested to tokenized 39 60.9
their card.
No. of respondents are
not interested to 25 39.1
tokenized their card.
Total 64 100
We use 5% level of significance and Right tailed test for finding Z Critical value.
➢ Test Statistic:
P = (Assumed) population proportion = 0.50

𝑝 = sample proportion = 0.609
Level of significance is 5 % i.e., 0.05
Z = 0.609-0.50/√[(0.50*0.50)/64]
Z = 0.109/ 0.0625
Z = 1.744
Zcal value = 1.74
➢ Z critical value for Right Tailed Test:
Z > 1.64
➢ Decision Criteria:
Decision Criteria for Right tailed test,
We reject null hypothesis if,

67
Zcal Value > Z critical Value.
Here,
Zcal = 1.744
Z critical value = 1.64

1.69 > 1.64 (Zcal Value > Z critical Value)
➢ Conclusion:
We Reject,
H0: 50% respondents are interested to tokenized their card.
& Accept
H1: More than 50% respondents are interested to tokenized their card.
68
Chapter 5. Findings, Suggestions and Conclusion
69
CHAPTER 5
CONCLUSION AND SUGGESTIONS
5.1 Findings:
➢ As per survey, most of the people are like to use card while doing online payments. Some people are
use card for day-to-day transaction whereas some people are like to use it for bigger amount of
transactions.
➢ Most of the customers trust that Debit/Credit card are secure but they are not feel completely secure
while doing online transaction.
➢ For the convenient digital payment, most of the people save their card details in merchants or payment
aggregator website or application, it results in increasing data breaches fraud if the merchant or
payment aggregator server get hacked.
➢ Also, many entities involved in the card payment transaction chain and some merchants force
customers to store card details, these brings in maximize the vulnerable points in the banking payment
system.
➢ Tokenization does not affect the way you transact. The only addition is to provide protection to
cardholder from any kind of data breaches fraud. Introduction of tokenisation services will not have
any bearing on the convenience that the customers currently enjoy while transacting. Customer need
not pay any charges for availing tokenization service.
➢ As per survey, most of the people wants to secured their card but they did not aware of the concept of
tokenisation.
➢ E-wallet, UPI & mobile banking somewhere related to the card details when we are doing transaction
through them.
➢ In September 2021, the RBI prohibited merchants from storing customer card details on their servers
with effect from June 01, 2022, and mandated the adoption of card-on-file (CoF) tokenisation as an
alternative to card storage.
➢ If customer not tokenized their card, they have to fill all the details again and again when they do
online transaction. Because no entity in the card transaction/payment chain other than the card issuers
and/or card networks shall be permitted to store actual card data with effect from 30 June,2022.
70
5.2 Suggestions:
➢ To aware the people about card tokenization as earlier as possible.

➢ To aware the people who are unknown about the concept of card tokenization through various ways
such as bank official website, media’s, advertisement, etc.
➢ To make people more aware about card tokenization specially a financial illiterate people; convey
them the benefits of card tokenization.
➢ To conduct programs and seminars for the customers about how to register and use the tokenization
service.
5.3 Conclusion:
➢ It found that the concept of tokenisation is need of today’s living.

➢ Tokenization is act as “Putting the Cherry Before the Making Cake” which means that it secured the
transaction before it gets start.
➢ Due to the covid the society gives importance to online payments rather than cash transactions, this
resulted in increasing demands for digital Payments.
➢ With the adoption of digital payments amongst the masses at large, the safety of payment data against
unauthorized usage holds paramount importance. Tokenisation provides an additional layer of security
by encrypting the card details and will help enhance consumer confidence in using digital modes of
payments.
➢ Even in the case of data breach, valuable personal data simply isn't there to steal. Tokenization can't
protect you from a data breach—but it can reduce the financial fallout from any potential breach.
➢ In a 2018 CA Technologies/Frost & Sullivan study 59% of consumers said a data breach had a negative
impact on their trust in the affected company. Beyond avoiding the worst-case scenario of a data
breach, using advanced security such as tokenization, fosters customer trust. Consumers don't want
their payments data falling into the wrong hands. Demonstrating a strong commitment to the security
of customer data is appreciated by consumers. Tokenization plays a vital role in securing card from
fraud/theft.
➢ As per my survey, it reveals that there is high future scope for tokenization in India but there is one
exception that most of the people try to avoid this concept because of the lack of awareness.
71
BIBLIOGRAPHY
Websites:
1. http://www.rbi.org.in/commonperson/English/Scripts/FAQs.aspx?Id=2917
2. https://www.financialexpress.com/india-news/rbis-dec-31-deadline-on-tokenization-what-does-it-
mean-for-you/2384402/lite/
3. http://www.hdfcbank.com/personal/pay/payment-solutions/tokenization
4. https://www.nielit.gov.in/content/digitalpayments
5. https://www.paiementor.com/anatomy-of-a-bank-card/
6. https://razorpay.com/blog/tokenisation-and-its-impact-on-online-payments/
7. https://www.encryptionconsulting.com/education-center/types-of-tokenization-vault-and-
vaultless/
8. https://www.tokenex.com/resource-center/what-is-tokenization
9. https://paykun.com/blog/what-is-tokenization-how-does-it-work/
10. https://www.slideshare.net/bellidcom/what-is-payment-tokenization-43116338
72
ANNEXURES
➢ Personal Information of Respondents:
1. Name:
2. E-mail ID:
3. Gender:
o Male
o Female
o Other
4. Occupation:
o Students
o Self Employed
o Salaried Job
o Housewife
o Unemployment
5. Income (Annually):
o Less than 2,00,00
o 2,00,000 - 5,00,000
o 5,00,000 - 10,00,000
o Nil
6. Age:
o 18 – 25
o 26 – 35
o 36 – 46
o 46 and Above
73
➢ Questions Related to Project:
7. Do you have a Debit/Credit card?

o Yes
o No
8. How many Debit/Credits card you have?

o 1
o 2
o 3
o More than 3
9. How often you use your Debit/Credit card for online payment.
o Mostly
o Rarely
o Not at All
10. How much maximum amount you would prefer to pay through Debit/ Credit Card?
o Less than 1,000
o 1,000–3,000
o 3,000–10,000
o More than 10,0000
11. Do you trust Debit/Credit Card are secure?

o Yes
o No
o Doubtful
12. How secure do you feel while doing online transaction using Debit/ Credit Card?
o Completely Secure
o Somewhat Secure
o Not at All Secure
74
13. Which of the following mode of payment, you prefer for online purchase?
o Cash on Delivery
o Debit/ Credit Card
o E-wallet (G- Pay, Phone Pay, Paytm)
14. Do you know, when you do online card payment, your card details are store in merchant (like
Amazon/ Flipkart) server?
o Yes
o No
15. If there is any method to hide your sensitive card details from merchant while doing online
payment. Did you like to use it?
o Yes
o No
16. Are you interested to tokenized your card?

o Yes
o No
17. If not, what is the reason behind it?

o Lack of Awareness
o Prefer Another Mode of Payment
o Will Think of it in Future
75

Final Project PDF

Uploaded by

Copyright:

Available Formats

You might also like

Final Project PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Final Project PDF

Uploaded by

Copyright:

Available Formats

PROJECT REPORT

“STUDY ON CARD TOKENIZATION IN INDIA”

University of Mumbai for partial completion of the degree of

Bachelor in Commerce (Banking and Insurance)

Under the Faculty of Commerce

MISS. SHWETA AJIT REDKAR

Under the Guidance of

ASST. PROF. MRS. TRUPTI KAUTIKWAR

KG JOSHI BEDEKAR COLLEGE OF COMMERCE

Vidya Prasarak Mandal, Thane

N.G. BEDEKAR COLLEGE OF COMMERCE, AUTONOMOUS, THANE.

This is to certify that

Ms. Shweta Ajit Redkar of B.com (B & l) Semester Vl Roll No.

Tokenization in India” during the academic year 2021-2022 under

the guidance of Ms. Asst. Prof. Trupti Kautikwar Submitted on 03-03-2022

BACHELOR OF COMMERCE (BANKING & INSURANCE) UNIVERSITY OF MUMBAI

PROJECT COURSE EXTERNAL PRINCIPAL

GUIDE CO-ORDINATOR EXAMINER

Miss. Shweta Ajit Redkar

Asst. Prof. Mrs. Trupti Kautikwar

Sr. No. Name of the Chapter Page No.

1.2 Introduction to Payment Card

1.3 Introduction of Tokenisation

Chapter 3 Literature Review

Chapter 4 Data Analysis, Interpretation and Presentation

4.3 Data Analysis and Interpretation 52

Chapter 5 Conclusion and Suggestions

Table No. Title of Tables Page No.

Chapter 4 Data Analysis, Interpretation and Presentation

Figure No. Title of Figures Page No.

Chapter 4 Data Analysis, Interpretation and Presentation

Sr. No. Abbreviations Full Form

1.1.2 Cashless Economy:

➢ Ensuring security of digital payments ecosystem.

Financial Year Volume of Transactions (in Crore)

1.1.4 Methods of Digital Payment:

➢ Banking Cards (Debit/Credit):

▪ What is required for Transaction?

o Self-service and/or Assisted mode.

▪ Necessary conditions for service initiation:

▪ What is required for Transaction?

➢ E-wallet/ Mobile Wallet:

1.1.5 Benefits of Digital Payment:

➢ Faster, Easier, More Convenient:

➢ Economical and Less Transaction Fee:

➢ Waivers, Discounts and Cashbacks:

➢ Digital Record of Transactions:

➢ One Stop Solution for Paying Bills:

➢ Helps Keep Black Money under Control:

1.1.6 Growth in Digital Payment During Covid-19:

1.2 INTRODUCTION TO PAYMENT CARD:

Advantages of a Debit Card:

Disadvantages of a Debit Card:

Advantages of Credit Cards:

Disadvantage of Credit Cards:

▪ Credit card fraud:

➢ The Front of a Payment Card: