New Delhi, First published Jun 11, 2022, 1:11 p.m. IST
The Reserve Bank of India (RBI), as the central bank of the country, is responsible for ensuring the safety of all Indians who engage in banking transactions. To keep consumers safe, the RBI established tokenization rules last year, which effectively prevented retailers from keeping customer card data on their systems. The implementation of card-on-file (CoF) tokenization for domestic internet purchases has been mandated by the central bank. To allow for a smooth transition from the existing situation, the nationwide implementation deadline for card tokenization has been extended by six months, from January 1 to July 1, 2022.
The new law prohibits online businesses from storing your card data, and only your bank and card provider will have access to it. Under this scheme, a cardholder can have their card tokenized by making a request using the token requester app. The token requester will forward the request to the card network, which will issue a token matching the combination of card, token requester, and device with the agreement of the card issuer.
Read also | 5 Ways to Protect Yourself From Online Fraud When Using Credit Cards
This implies that when you start buying an item from a merchant, the seller will begin tokenization. It will ask for permission to tokenize your card. Following your approval, the merchant will send a tokenization request to the card network. The card network will then generate a token which will act as a proxy for your 16-digit card number and send it back to the retailer. This token will be saved by the merchant for future transactions. To approve the transaction, you will also need to enter your CVV and OTP. If you want to use another card, you must repeat the process.
However, this procedure is optional and a consumer can choose whether or not to have their card tokenized. In this case, the buyer will have to re-enter all the card information during an online purchase.
The RBI said that after June 30 or from July 1, credit and debit card data available from payment merchants will be erased. Customers who have not accepted the tokenization of the card will have to re-enter their card data each time they wish to carry out an online transaction. If a consumer accepts card tokenization, they will be required to do so explicitly and provide only CVV and OTP credentials when completing a transaction.
Read also | 4-day working week, change in PF contribution likely from July 1? Here’s what we know
The RBI had said that the new card tokenization requirement would come into effect on January 1, 2022. However, in response to merchant requests, it extended the deadline by six months, saying it would come into effect on July 1. As the deadline approached, payment merchants began sending reminders to customers about card tokenization. At a press conference after the announcement of the MPC meeting in June, RBI Deputy Governor T Rabi Sankar said the country’s payment ecosystem was ready to embrace change.
Last updated Jun 11, 2022 1:11 PM IST