Should you save your debit, credit card on Amazon, Flipkart, e-commerce sites? Know all about RBI's tokenization rule

Do you shop online through e-commerce platforms like Amazon, Flipkart and Paytm? Are these platforms prompting you to save/secure your card details on their site whenever you buy anything? This is happening as the Reserve Bank of India has made certain changes in rules related to online payments using debit and credit cards and the new rules will come into effect from October 1. The changes are aimed at making online payments safe, secure, convenient and affordable. Under the new rules, the banks will have to create tokens for card details. This token will mask the sensitive card details.

The process known as tokenisation mandates masking of sensitive data like owner's name, 16-digit card numbers, expiry dates, three-digit CVV code with an unique alternate number referred to as token.

So, irrespective of the fact that whether your are shopping from an e-commerce site for the first time or your card details are already there and you are required to enter only CVV, these platforms will be asking for your permission to store details of your card because from October 1, all saved card details will be removed from these platforms. After that, each time you will head to these e-commerce sites for any purchase, you will be required to enter every single detail manually in case you have denied them the permission.

Also Read: Moonlighting: Now THIS business magnate backs Wipro; brushes aside comparison with Swiggy

At present, card details of customers except CVV gets saved on the e-commerce platforms whenever they make any purchase using the card. However, once the rules come into effect, platforms won't be able to store the card credentials in any form.

Amit Kumar, Chief Technology Officer & Executive Director, Easebuzz, said that tokenization as a technique is a reform that will go a long way in enhancing the security of online transactions.

"Now while consumers enter all the card details on the merchant's website, they receive an option -secure your card as per RBI guidelines. Consumers have to opt for this option to generate a token. The customer will receive an OTP on the mobile device or email from the card issuer. The OTP is entered on the bank page and the card details are sent for transaction authorization and token generation. The token is sent back to the merchant, who then stores the token against the consumer data i.e either their mobile number or email," said Kumar.

Also Read: Did your SIM stop working? Know how your simple mistake helps scammers siphon off money from your bank account
 
Experts said that this whole process requires the consent of the consumer which makes it an essential service that every consumer should avail to protect their data that might be exposed if not tokenized.
 
“Tokenization will be striking a perfect balance between data security and user experience. RBI with its recent guidelines has made it understandable that banks or FINTECH players will have to create tokens for card details either credit or debit cards. The mandate enforces masking of sensitive credentials such as 16-digit card numbers, expiry dates, etc," added Kumar.

Experts said that tokenisation will help in securing the details of the customers. They said that now banks and processors will be responsible for securing card data. Since the token generation will be irreversible and the masking number will be unique, it will be impossible to reverse the payment process to procure card details, they said.

The RBI's new guidelines will also help reduce payment related disputes and fraud transactions. 

With RBI’s new guideline mandating tokenization on merchant applications, customers can continue to experience convenience, and can make transactions through tokenized cards, which won’t expose the confidential data to merchant applications. It also adds an extra layer of security, as the tokenization and detokenization can only be performed by the authorized card networks VISA, Mastercard, Rupay etc.

"Customers have the choice to save or to not save card details through tokenization, though it is recommended to opt for tokenization for better safety & security,” said Kumar.