RBI has extended the rules for online payments while using debit and credit cards to July 2022. RBI had earlier said that it will implement tokenization from January 1, 2022. Banks have started informing their customers regarding the new rules. How will the new changes affect people? Here are the details.
Assures safe online transactions
RBI has extended the date for tokenization after industry bodies, including Nasscom, requested RBI for the same. Merchant Payments Alliance of India (MPAI) and the Alliance of Digital India Foundation (ADIF) have voiced their concerns over the industry’s readiness for the tokenization process. The timeline to store card-on-file date has also been extended till June 30. After that, the data will be cleared.
The tokenisation programme is introduced by the RBI to make online payments safe and secure, without losing credit or debit card details and other sensitive data. The RBI has asked all merchants and payment gateways to remove sensitive customer card data saved at their end. Instead, they should use encrypted tokens to carry out transactions. In March 2020, RBI had issued guidelines saying that merchants will not be allowed to save card information on their websites to boost data security. The central bank had asked companies until the end of this year to comply with the regulations and offered them the option to tokenize. In a stern voice, the RBI had ordered all companies to purge saved credit and debit card data from their systems from July 2022.
Unique token
While doing the online transaction using a debit or credit card, the details of the card are gathered. Card number, the card expiry date, the CVV are usually asked while doing online transactions. Tokenization means the replacement of actual card details with a unique alternate code called the token. The companies offering card services should provide this code. The token is unique for each combination of card, website and device. There is no data breach using this and NCPI is coordinating this system.
From July onwards, while doing online transactions using a token, the customers will have to give their consent. The transaction will be completed using the OTP. Those who are not interested in the new system can opt for card transactions by giving details every time they use the card. For making payment to a different merchant or from a different card, tokenization is to be done again. For enhanced card security, tokenization is inevitable. But NASSCOM has asked the RBI not to implement tokenization very soon. Merchants also feel that the sudden implementation of tokenization should not be done as it will disrupt the digital payment system. It should be implemented through different phases. E-commerce giants such as Amazon and Flipkart can’t store the customer’s data once tokenisation is implemented.