Reserve Bank of India has tells every merchant and payment gateway to delete all sensitive customer data available on their end in order to make payments more secure. Under this new rule, which is to be implement from 1st January, 2022, merchants have to us encrypt tokens to make transactions.
Banks have also starts to notify customers about the new guidelines mandated by the RBI.
HDFC bank Said in an SMS last week, as per reports :
What is New RBI Rule?
In a notice issue in September 2021, the RBI Said :
What is Tokenisation?
Tokenisation refers to replacement of actual card details with an alternate code calls as the “token”, which shall be unique for a combination of card, token requestor i.e. the entity which accepts request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token) and device (referred hereafter as “identified device”.
The card holder can get the card tokenise by initiating a request on the app provide by the token requestor.
The token requestor will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device.
What do You Need to do from 1st January, 2022?
When you start purchase of an item with a merchant, the merchant will initiate tokenisation.
Then it will ask for your consent to tokenise your card.
When you give consent, the merchant will send a tokenisation request to the card network.
The card network will then create a token, which will act as a proxy to your 16-digit card number, and send it back to the merchant.
The merchant will save this token for future transactions.
You will also have to enter your CVV and OTP like before to approve transaction.
If you want to use another card, the same process is to be follow again.
Is it Safe to do Card Tokenisation?
Actual card data, token and other relevant details are store in a secure mode by the authorise card networks.
Token requestor cannot store Primary Account Number (PAN), i.e., card number, or any other card detail.
Card networks are also mandate to get the token requestor certified for safety and security that conform to international best practices / globally accepted standards,” as per RBI website.
If you save your card details in a encrypt manner, it will prevent cyber frauds.
In fact, some merchants force their customers to store card details.
Availability of such details with a large number of merchants substantially increases the risk of card data being stolen, as per RBI press release.
THANK YOU FOR READING.