Guwahati: Keeping in mind the customers’ safety, the Reserve Bank of India (RBI) has decided to change debit and credit card tokenization rules effective from July 1.
As per the new card-on-file tokenization rules, online merchants will not be able to store customers’ card data.
The merchants were barred from storing customer card data in their servers, said RBI.
The RBI last year had issued debit and credit card tokenization rules, keeping in mind customer safety.
RBI had made the adoption of card-on-file tokens for domestic online purchases mandatory.
The deadline for the adoption of card tokens across the country was extended by six months from January 1, 2022, to July 1, 2022.
It will be stored as an encrypted “token” to help customers make secure transactions.
These tokens will allow payment to be made without disclosing customer details.
RBI guidelines make it mandatory to replace the original card data with an encrypted digital token.
Therefore from July 1, 2022, merchants will have to delete customers’ debit and credit cards’ data from their records.
The card tokenization system is not mandatory. Therefore if a customer has not given consent for tokenization of his or her card, then the customer will have to enter all card details like name, card number and card validity instead of entering the card verification value or CVV, every time while making an online payment.
At the same time, if a customer is agreeable to card tokenization, then he or she will only have to enter the CVV or one-time password (OTP) details while doing the transaction.
The tokenization system is totally free of charge and it provides a smoother payment experience while securing one’s card’s data.
Also, tokenization is only applicable to domestic online transactions.
According to RBI, registration for a tokenization request is done only with explicit customer consent through Additional Factor of Authentication (AFA), and not by way of a forced or default, or automatic selection of check box, radio button, etc.