New Delhi: Under the new RBI guidelines, only card issuers and card networks will be able to store the card details of customers. All the merchants and payment banks will now have to remove these details from the system, which the central bank said have been compromised on several instances. Beginning January 1st, the merchants will have to switch over to a new way of transaction, called Tokenisation. It ensures that a transaction can take place without disclosing the cardholder’s account information to either the merchant or any of the intermediaries.
Tokenisation is the replacement of an actual or clear card number with an alternative code called the “token”. This token also consists of 16 digits, just like the typical credit card number. Note that UPI already uses tokenisation to secure transactions. Once created, the tokenised card details will be used in place of an actual card number for online purchases initiated by the cardholder. Now, the banks, merchants and other stakeholders are racing against time to comply with the new card data storage norms of the RBI. Nasscom and the Alliance of Digital India Foundation or ADIF are reportedly seeking a phased implementation of the tokenisation mandate, along with a minimum two-year timeframe for the transition.
Under the new rules, if you make use of recurring transactions using debit cards, credit cards and Unified Payments Interface, then you must undertake a one-time additional factor authentication for smooth auto-debit transactions. Failing this, payments, such as those to streaming services like Netflix and music apps like Spotify, will get cancelled. Also, if the recurring payment is above 5,000 rupees, then the cardholder must approve it with OTP-based authentication every time it is due for payment. Consumers are now being asked if they want their card details in a secured or tokenised format. While it is not mandatory for customers to get their cards tokenised, they can choose to do so to enjoy a seamless one-click checkout process in the future. If they don’t, they will have to manually type their 16-digit card number, CVV and expiry date each time they want to make a purchase online.