The RBI last year issued debit card and credit card tokenisation guidelines whereby merchants were prohibited from storing the data of customers’ cards
Debit, Credit Card Tokenisation: From next month, every Indian who does online transactions using a debit or credit card will have to remember their card details every time they make a payment as these rules are going to change from July 1. From this date, the Reserve Bank of India, or RBI, which is in charge of setting banking rules in the country, is implementing the card tokenisation rule, whereby if a customer does not tokenise his or her credit card and debit card, will have to enter the details every time they make a payment online.
Read more: RBI lifts restrictions on Mastercard, allows it onboard new customers
RBI to Implement Card Tokenisation from July 1?
The RBI last year issued debit card and credit card tokenisation guidelines whereby merchants were prohibited from storing the data of customers’ cards on their servers. This was to protect and secure customer data. The central bank mandated the adoption of card-on-file (CoF) tokenisation applicable to domestic online purchases. The deadline of the countrywide adoption to card tokenisation was extended by six months from January 1 to July 1 2022, to ensure a smooth shift from the current situation.
The RBI had previously announced the rule on March 17, 2020, wherein it asked merchants to put in their views on making a new payment system for the safety of cardholders in India. On December 23, the Reserve Bank of India issued a new notification on tokenisation, saying that the deadline had been extended.
However, this time, there will be no such extension as the payment ecosystem is by and large ready to implement the card tokenisation rule. “I really don’t think there is any need to speculate on whether or not the timeline will be extended. There are a few collateral issues that have come to our notice, which we will adjust as we go. These are new issues that crop up every time you shift a regime,” RBI deputy governor T Rabi Sankar had told reporters in a post MPC meet on June 8.
Read more: UIDAI plans to expand Aadhaar to cover a person’s entire lifecycle: Report
What Will Change Under New Rule?
Under the new rule, when you start purchase of an item with a merchant, the merchant will initiate tokenisation. It will ask for your consent to tokenise your card. Once you give consent, the merchant will send a tokenisation request to the card network. The card network will then create a token, which will act as a proxy to your 16-digit card number, and send it back to the merchant. The merchant will save this token for future transactions. You will also have to enter your CVV and OTP like before to approve transaction. If you want to use another card, the same process is to be followed again.
However, debit card and credit card tokenisation process is not mandatory and a customer can choose whether or not to let his / her card tokenised. In that case, the customer will have to re-enter all card details while purchasing anything online.