Advertisement
photoDetails

New credit, debit card rules from 01 January 2022: Know how it impacts your transaction process

Reserve Bank of India has mandated that from 01 January, 2022, merchants will not be able to store card information of users. Here is what it means for you.

RBI new mandate on credit, debit cards

1/5
RBI new mandate on credit, debit cards

In a bid to ensure security of credit, debit card data, the Reserve Bank of India (RBI) has mandated that from 01 January, 2022, merchants will not be able to store card information of users and will have to replace each card number with a randomised token number. This means, from 01 January 2022, cardholders may have to enter their 16-digit card number every time they shop online as opposed to entering the one-time password (OTP) and card verification value (CVV).

RBI new mandate on tokenization from January 1

2/5
RBI new mandate on tokenization from January 1

The RBI in September prohibited merchants from storing customer card details on their servers with effect from January 01, 2022, and mandated the adoption of CoF tokenization as an alternative to card storage.

How RBI tokenization mandate affects users

3/5
How RBI tokenization mandate affects users

RBI has enhanced the scope of tokenisation and permitted card issuers to act as token service providers (TSP). The RBI extended the device-based tokenisation to card-on-file tokenisation (CoFT) services, a move that will bar the merchants from storing actual card data.

Tokenization with explicit customer consent

4/5
Tokenization with explicit customer consent

The tokenisation of card data shall be done with explicit customer consent requiring Additional Factor of Authentication (AFA).

What is tokenisation service?

5/5
What is tokenisation service?

Under tokenisation services, a unique alternate code is generated to facilitate transactions through cards. Based on the set of guidelines that have been mandated by the RBI, sensitive customer information is to be stored in the form of an encrypted `token` to help secure transactions. These tokens then allow payments to be processed without disclosing the customer details or allowing the payment intermediaries to store customer data that could breach security and privacy.