Google Pay’s new tokenisation will mask your real debit and credit card numbers before making payments

Google Pay’s new tokenisation will mask your real debit and credit card numbers before making payments
Google launches tokenisation of debit and credit cards for Google Pay in IndiaGoogle

  • Google announced that its bringing tokenisation of credit and debit cards to Google Pay during their annual event, Google for India 2019.
  • This will allow users to mask their real card numbers when making payments to third party merchants using Google Pay.
  • Tokenisation shares a random token number rather than the actual number of the card to conduct the transaction.
Google Pay’s is finally bringing its tokenisation system to India — a feature which allows you to mask your real debit and credit card numbers before making a payment.

It was launched in India four years after it was available worldwide. Yet, Caesar Sengupta, Google’s General Manager and Vice President of Payments and Next Billion Users stated, “India is setting the global standard on how to digitise payments,” during the Google for India 2019.

Tokenisation allows users to hide their card numbers by issuing a digital token bound their devices, to make a transaction. Once the transaction is complete, the token ceases to exist.

It’s a lot like exchanging money for tokens at a casino, according to Advantio — a cyber security research organisation.

A visitor is the only person who can exchange their money for tokens and vice versa. Should someone else try and use that token — they would not be able to at another casino.

Advantio calls this ‘devaluation’ since it deters crime and limits the thief’s field of action.

How does tokenisation work?

There are two ways in which tokenisation works.

One, is the tap and pay method. Users just have to tap their phones against a Bharat QR or near field connectivity (NFC) terminal to make a payment. If the transaction in under ₹2,000, there’s no need to input their PIN number.

In order for this to work, the user’s smartphone needs to be NFC-capable.

Even for online transactions, tokenised cards can be used to make payments without disclosing the user’s card number to the vendor or merchant through Google Pay. Only the randomised card number is shared.

Each token is unique to the card number that it represents.

The randomisation of numbers happens on the user’s mobile device itself, which has an encryption key in memory, that is used to generate and decrypt limited-use and single-use keys.

According to Google, this makes the process more secure by adding a layer of security.

The feature will initially roll out for VISA cards with HDFC Bank, Axis Bank, Kotak, Standard Chartered, and the State Bank of India (SBI).

Later this year, Google will add more banks, RuPay and MasterCard to the process.

See also:
Google is adapting its technology for India and its many languages

Google Pay for Business and Google Spot launched to digitise small business owners

Data starved Indians in remote areas can now call the Google Assistant hotline