The Reserve Bank of India’s card-on-file (CoF) tokenisation norms have come into effect from October 1, 2022. The rules for online payments using credit and debit cards have changed with this. The new rules expect to improve the payment experience of cardholders. It is said to provide a safe and hassle-free payment mode to both shoppers and merchants.
What are the new rules? As per the new norms, businesses or payment aggregators cannot save customer card details on their platforms. Only card networks or issuing banks can save card details.
Tokenisation replaces sensitive information such as card number, and card expiry date with a card token which is cryptographically generated. At first, the shopper will have to enter entire card details when shopping. Once the purchase process begins, the merchant will start tokenisation. The customer will be asked to issue consent to tokenise the card. Once the consent is received, the merchant will put a request to the card network. The network will create a token which will act as a proxy card number. This will be sent back to the merchant. The merchant will save this token for future transactions. Since then, they will have to enter CVV and OTP for approval like before.
The new norms will have minimal impact on customers. RBI assures that, in the long run, this process will ensure that the personal sensitive data of customers will remain protected. When it comes to merchants, they don’t have to save cards on their own servers. This reduces their liability in terms of attacks and hacking. Moreover, associating with payment gateways will provide ready-made solutions for merchants to accept card payments. The feature is available on consumer devices like mobile phones, tablets, laptops and wearables.