Websites store your payment details in a secure, convenient manner. Why tamper with that?

Dr Roshan Radhakrishnan
30

When was the last time you typed in a friend or loved one’s number into a phone from memory before hitting the dial button? I know it has been years in my case. And yet, I am old enough to remember an era before mobile phones existed when we used to pick up the telephone receiver and actually dial in each number individually (yes, kids! Such a world existed not too long ago.) Today, you just find the name of the person you wish to call in your contact folder, hit a single button and abracadabra, even though you don’t know three out of ten digits from their mobile number, you are connected to them every time instantly without fail. Just the thought of dialing ten digits every single time you want to make a phone call seems laborious now, does it not?

The simple fact is that technology improved as the years passed by and made our lives simpler in a million different ways. I remembered this earlier this week while helping my parents set up their accounts for purchasing items via online sites. While the sheer number of options at popular websites left them as giddy as kids in a candy store, there were plenty of doubts too. One key doubt which they had was, of course, related to payments online.

Was it safe?
Should we really type in our entire card number?
Can anyone else see our credit card data?

Websites store your payment details in a secure, convenient manner. Why tamper with that?

For a generation that has grown up on cheques and cash transactions during their heyday, the concept of paying by giving details of one’s credit and debit cards to a website can be unquestionably intimidating. More so when you tell them that the websites store your payment details.

PCI DSS

I get their apprehensions. It is a common fear for most of us. The best of these online portals deal in thousands of transactions an hour at the bare minimum. The trust the public has in these online transactions comes from the highest security that these websites offer. Globally, these portals follow the Payment Card Industry Data Security Standards (PCI DSS) to ensure the safety of all data provided by their customers. It is their gold standard. 

Do not take my word for it, of course. 
Just as I know the curries from two different restaurants differ in taste and ingredients, so too I am aware that online portals too can be different. So while websites store your payment details, unsafe websites may not encode your information and yes, phishing sites do exist. It makes it all the more important to focus on the most trusted websites.

So how can you know which web portal to trust?


Go to the online merchant you use most frequently and find the link to their privacy statement page (usually at the bottom of the page). Read up on what data they accumulate, how it is stored and the standards they follow to protect the data you store with them. Take the time to understand how important they value your trust in them.

For these e-commerce sites, your overall experience matters. In the end, they need you as much as you need them and they work hard to make sure you come back. They cannot afford to lose your trust with a goof-up and so even when these websites store your payment details, they take care to protect the data of their customers with the highest security possible. Irrespective of whether you do your purchase from a computer, mobile app or tablet, the security at the best online portals are geared to deal with ransomware attacks and malware.

When trusted online portals and websites store your payment details or save your credit card details, it should be seen for what it is – the next step in human convenience. 


Stored payment information allows for a smoother transaction and checkout as opposed to constantly reaching into your wallet for the physical card every single time to type in the 16-digit account number and multiple codes that follow. In a world where time is money, being able to complete my purchase with one click of a button matters. It makes the entire process a positive experience and one that I would look forward to again in the future. 

It also makes the Reserve Bank of India’s (RBI) recent stance short-sighted and arbitrary. The idea they are pushing for banning the storage of card data on e-commerce portals is a major step back for both the consumer as well as the sites, in my opinion. True, security matters but to punish all the sites including those who adhere to the highest global standards demanded by the PCI DSS is a gross unfairness.

Rules and regulations made must focus on the consumer as well as the e-commerce sites, offering a simple, secure, fast and pleasant experience. When websites store your payment details, it is for the convenience of the consumer. In banning the storage of data, the RBI instead ignores the safety measures taken by these portals while simultaneously affecting the consumer experience adversely. 

Typing a 16-digit card number every single time one wants to purchase an item online will only drive the public away from these sites. 


Having enjoyed a safe and satisfactory one-click purchase experience all these years at these trusted websites, to go back to typing 16 digits is as big a leap backward as going back to the era of dial-up telephones once more. This is a generation that walks out of a store leaving their grocery carts if they see long queues at the cash counter. Why would we ever want to create an online version of that?

Especially considering how much we hype our Digital India goals, steps like this need to be scrutinized more carefully and course corrections should be taken at the earliest. In a world where digital payments are now the norm, large-scale restrictions should be imposed only when there is no alternative available, which is not the situation here. You do not cut your nose to spite your face.

Frankly, the very purpose seems unclear at this point. If you claim this is about safety, then the standards set by the PCI DSS are globally acknowledged and accepted and India should be no different. If instead, it is about websites accessing the data stored by customers, then that is a matter for India’s data laws which are still in the process of being finalized. So then what was the need for such a step, at all?

'Tokenization'


The solution offered by the RBI is ‘tokenization’ of payment which basically means that these e-commerce sites would have to team up with card networks that will issue them ‘tokens’ linked to an individual card number, tokens that cannot be used by anyone else. The tokenization will create problems for returns/exchange as also for buying goods on EMI, it is not a fool proof system but a work in progress approach which the industry has to work together to fine tune it to make it workable. Any solution that gets tested on the public will create chaos and wholesale disruptions. 

Does this in any way sound convenient and simpler to you? It certainly does not to me. Why fix something that is not broken… and end up actually breaking it? 

At the end of the day, we want an easy, convenient and secure checkout process when we go in for purchases. The best online portals currently functioning in India all offer that. This is easily verifiable. 

One can only hope better sense prevails and the powers that be review their decisions and choose to make the lives of citizens better instead of crippling the digital e-commerce industry with no discernible solution in mind. 

Post a Comment

30Comments

Let me know what you think.

  1. The recent RBI ban was a pain! I had forgotten about all the recurring payments till reminders started buzzing on the phone. Needless to say it was Herculean task to renew everything. I find online payments so secure in fact I don't even keep cash with me anymore now. And a very well explained post Doc!

    ReplyDelete
  2. I need to know more about this definitely!I am in two minds about a lot if things and this post was very helpful in clearing up doubts.

    ReplyDelete
  3. While the recent changes maybe good from a security point of view when it comes to convenience, it's going to be a pain for most of the consumers. Nobody wants to type card numbers every single time, takes away the whole ease of shopping online. Very well articulated.

    ReplyDelete
  4. Typing all the information every time you purchase something is a hassle. Although it's good from security point of view, it can be inconvenience too. Great article.

    ReplyDelete
  5. It's best to make payments on websites with Pci DSS standards. People must read up about this. With PCIDSS, safety comes first and your card data remains safe.

    ReplyDelete
  6. Oh, this is going to be so cumbersome for the consumers. It certainly affects online business.

    ReplyDelete
  7. Amazon is a site I've trused with payment details. Your post is really good!

    ReplyDelete
  8. Storing payment details on trusted sites is indeed a much needed convenience.

    ReplyDelete
  9. I agree, I always felt save using payment options on sites I use such as Amazon.

    ReplyDelete
  10. I totally resonate with your post. Having to add details each time will drive away people.

    ReplyDelete
  11. I have felt safe shopping online. The new regulations are just going to make it more cumbersome.

    ReplyDelete
  12. This is a wonderful and well researched post. Most of us are curious about how websites process our payment details.

    ReplyDelete
  13. In a time when evrything is being made easy, this adds to confusion. Your post explains it all. So well written.

    ReplyDelete
  14. If shopping portals want customers then they must take care that payments are secure. After all they need us!

    ReplyDelete
  15. I didn't know how to check the processing of our card details on web portals. Thanks for making it easy for us

    ReplyDelete
  16. I was always wary of buying from online stores. But now that I know that most websites have secure payment gateways it's reassuring.

    ReplyDelete
  17. It was good reading reading the post and understanding about the payment gateways.

    ReplyDelete
  18. Didn't know about PCI DSS - thanks for this post, Roshan!

    ReplyDelete
  19. Thanks for this information on how to check if a payment gateway is legitimate.

    ReplyDelete
  20. Tokenisation is a wonderful solution to all this chat about payment gateways

    ReplyDelete
  21. It's correct that we should be cautious of false looking websites and should not share our card details.

    ReplyDelete
  22. Thank you Roshan for so much information about web portals storing our card details on their sites.

    ReplyDelete
  23. "Typing a 16-digit card number every single time one wants to purchase an item online is so cumbersome and unnecessary.
    "

    ReplyDelete
  24. Technology has improved our lives in so many ways. My grandmother is able to order groceries online all by herself!

    ReplyDelete
  25. It's true that we should check the authenticity of a website before adding our card details to it.

    ReplyDelete
  26. You are right that as much as we need them, they also need customers so they become responsible to store data.

    ReplyDelete
  27. My inlaws love shopping online! The current framework allows hassle-free shopping. Anything more than that, they will go back to offline model! Loved your post, thought-provoking and informative, as always!

    ReplyDelete
  28. Thanks for sharing this valuable information about Create Own Online Store . I have gone through your blogs and got meaningful information.

    ReplyDelete
Post a Comment