What is RBI's new tokenisation norms and what it means for debit and credit card customers? Read on to find out
The rules for online payments for debit and credit cards will change from October 1 in line with Reserve Bank of India’s (RBI’s) vision of making e-payment options safe, secure, convenient, quick and affordable. The central bank has mandated banks to create tokens for card details.
Recommended ArticlesView All
Decoding multi-year health insurance policy — What is it and what are key benefits?
IST3 Min(s) Read
View | Pakistan Election: Will Imran Khan's changed tack from long march to resignations to snap poll work?
IST5 Min(s) Read
View | G20 Presidency: India can shape global Web3 narrative
IST6 Min(s) Read
The mandate enforces masking of sensitive credentials such as 16-digit card numbers, names, expiry dates and codes with an unique alternate card number ‘token’ and the process is known as tokenisation.
Here’s everything you need to know about the new rule:
Which card types will be impacted with this?
This mandate is applicable for all card types accepted by merchants, payment aggregators, fintech and PSPs.
What is currently happening?
When customers shop on an e-commerce site for the first time, they are asked to feed the 16-digit debit card number and then the CVV code. However, when they buy another item from the same platform, they can see that the site has already stored the 16-digit card number and they just have to put in the CVV and then the OTP is generated by the bank to make the purchase.
What will change now?
Platforms won't be able to store the card credentials of a shopper in any form.
With the new RBI order, a shopper will have to put in their entire card details when they shop for something. Upon receiving the consent, merchants can fetch the card token from the respective card scheme or issuing bank, and store the details for future use by the customer.
“For the end customer this process is completely transparent and similar to their earlier experiences. Behind the scenes, merchants now have to adopt to higher security standards of storing the card in a tokenized form,” said Ravi Battula, Vice President – Merchant Acquiring Business, Wibmo while talking to CNBC-TV18.com.
What is the benefit of tokenisation?
According to Prashant A Bhosle, Founder of Kuhoo Fintech, the new initiative will safeguard sensitive data while maintaining its business utility.
“With tokenisation, details of the customers will be secured. Hence, the regulator's intent is to address the issue by making card tokenisation compulsory. The onus of card security now lies on banks and processors, and not on merchants, which is now one of the major benefits to the industry, merchants and most importantly to the customers,” he said.
The tokens generated are irreversible and unique, making it impossible to reverse engineer the payment process to procure card details. They also minimise chargebacks, disputes and fraud, hence uplifting the consumer confidence on card payments helping the industry to increase consumer adoption.
"While customers may experience some disruption and friction in the initial stages, but for the long run, this is indeed a right measure towards making payments safe and secure in a scalable manner," Battula said.
What are the steps to tokenise cards?
Now, while consumers enter all the card details on merchant’s website, they will receive an option “secure your card as per RBI guidelines”. Consumer has to opt for this option to generate a token.
Meanwhile, the customer will receive an OTP on the mobile device or email from the card issuer. The OTP is entered on the bank page and the card details are sent for transaction authorisation and token generation. The token is sent back to the merchant, who then stores the token against the consumer data i.e either their mobile number or email.
This whole process requires the consent of the consumer which makes it an essential service that every consumer should be able to protect their data that might be exposed if not tokenized, said Amit Kumar - Chief Technology Officer & Executive Director, Easebuzz.
First Published: IST