Debit and Credit card rules change: The Reserve Bank of India (RBI’s) card-on-file (CoF) tokenisation norms will come into effect from October 1, 2022. According to the RBI, the new tokenisation system will improve the cardholders’ payment experience and also make it safer and more convenient. Debit and Credit card rules change from October 1: check new rules.
The Reserve Bank of India (RBI) also informed that, after the implementation of the tokenisation norms, the customers’ credit card and debit card details – used in online, point-of-sale, and in-app transactions will be stored as an ‘encrypted’ token in order to ease the transaction process. The new tokenisation guidelines were scheduled to come into effect from July 1, but the deadline was pushed to September 30.
If media reports are to be believed, most of the large merchants have complied with the RBI’s card-on-file (CoF) tokenisation norms and 19.5 crore tokens have been issued so far. The RBI last September prohibited merchants from storing customer card details on their servers with effect from January 1, 2022, and mandated the adoption of CoF tokenisation as an alternative to card storage.
CoF refers to credit or debit card information stored by payment gateway and merchants to process future transactions. To create a token, the card-holders have to undergo a one-time registration process for all their cards at every e-commerce website. By entering the card details and saving, the cardholder gives consent to create a token.
This consent is then validated by way of authentication through an additional factor of authentication (AFA). Thereafter, a token is created which is specific to the card and e-commerce merchant. That token cannot be used for payment at any other merchant. After creating the token, the cardholder can identify the card with the last four digits during the checkout process during all future transactions at the same merchant’s website.
Thus, the cardholder is not required to remember or enter the token for future transactions. A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing. Once the card-on-file (CoF) tokenisation norms are implemented, platforms won’t be able to store the card details of a shopper in any form.