From the very first day of the new year, a major change is going to happen in the way of online shopping and digital payment through credit-debit cards. From January 1, a new rule of RBI is being implemented. As per this rule, the merchant website/app will no longer be able to store your card details and it will be deleted from the merchant website/app on which your card details are still stored.
In simple words, from now onwards, if you want to shop online with your debit/credit card or use the card for digital payment on any payment app, then the card details will not be stored. What happens now is that your card number is stored on the payment app or online shopping platform and you can make the payment by just entering the CVV and OTP. After the new change, you will either have to enter the complete card details including the 16 digit debit/credit card number or choose the tokenisation option. In this context, it becomes important to understand about card tokenisation.
What is Tokenisation?
In card tokenisation, the sensitive details of the card are converted into a token with a unique code. To make contactless payments through Point-of-Sale (POS) terminals, Quick Response (QR) codes these tokens will be used instead of the actual card information. The cardholder does not have to share his card details with any third party app. Earlier, by doing this, the user had to save the card’s data on these websites or apps, which there is a fear of theft. However, token service will depend on the wishes of the customers. There will be no pressure on them to take it nor will it be compulsorily enforced by the banks/card issuing companies. The Reserve Bank of India has allowed all card payment networks to offer token services. It has also been clarified that no fee should be charged from the customer for availing of this service.
Other things to know:
- According to the Reserve Bank of India, all detailed instructions for the security of card transactions and Additional Factor of Authentication (AFA) / security for PIN entry will also be applicable.
- The registration of any card for the token system will be done only after the specific consent of the consumer.
- As per RBI, the tokenization of cards and removal from the token system will be done by authorized card networks only.
- In this, the recovery of the original Permanent Account Number (PAN) can also be done only from the authorized card network.
- Further, the actual card data, token and other related details will be stored in a secure mode and token requesters are not allowed to store PAN or any other card details.
- According to RBI, the ultimate responsibility for card token services rests with the authorized card network.