The Reserve Bank of India issued some changes regarding online payments last year. In September 2022, the RBI asked all merchants and payment gateways to get rid of all available sensitive customer data and instead start implementing tokenization that’ll make online payments more secure.
The new rules will come into effect starting January 1, 2022.
As the due date approaches, banks have already started alerting customers about this change in online debit and credit card payment rules. For instance, HDFC, one of the leading private banks, is sending text messages to its customers informing them about the new rule.
WHAT IS THE NEW RULE?
As per the new rule, merchants and payment gateways are prohibited from storing users’ sensitive card details on their websites and any existing details are to be erased permanently. The rule is aimed at making online payments safe and secure.
As an alternative, the RBI offered merchants and companies the option to tokenize transactions.
WHAT IS TOKENIZATION?
As per the existing methodology, for a transaction to be successful, the merchant required information consisting of the 16-digit card number, the card expiry date, CVV and an OTP or transaction PIN (in some cases).
Tokenization aims to replace the actual card number with an alternative code, known as a token.
A token will be unique for each combination of cards. A card user can get his card tokenized with a merchant or service provider by initiating a request on the respective app provided by the token requestor. As specified by the RBI, tokenization will help make online transactions more secure, as merchants will be completely clueless about the actual debit and credit card details of a customer.
SO, WHAT CHANGES FROM JANUARY 1?
Starting January 1st, whenever you make the first payment to any merchant, you’ll need to consent to an additional factor of authentication (AFA). Subsequently, you’ll conclude the payment by keying in your card’s CVV and an OTP. A token will be saved by a merchant for future online card transactions.
It is to be noted that the tokenization process has to be done separately for different merchants, meaning you’ll have to create separate tokens for Netflix and Amazon.
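The sketch below is an added illustration, not part of the original article and not the RBI's or any card network's actual implementation. It is a simplified model of why per-merchant tokens limit exposure: the merchant keeps only a random token, and the token service refuses to resolve it for any other merchant. The `TokenVault` class, its method names and the card number are constructed for the example.

```python
import secrets

class TokenVault:
    """Toy token service: the only party that can map a token back to a card."""

    def __init__(self):
        self._cards = {}   # token -> (card_number, merchant)
        self._issued = {}  # (card_number, merchant) -> token

    def tokenize(self, card_number, merchant):
        """Return the token for this card at this merchant, creating it once."""
        key = (card_number, merchant)
        if key in self._issued:
            return self._issued[key]
        token = secrets.token_hex(8)      # random, not derived from the card
        while token in self._cards:       # regenerate on the (unlikely) clash
            token = secrets.token_hex(8)
        self._cards[token] = key
        self._issued[key] = token
        return token

    def detokenize(self, token, merchant):
        """Resolve a token, but only for the merchant it was issued to."""
        card_number, bound_to = self._cards.get(token, (None, None))
        if card_number is None or bound_to != merchant:
            raise PermissionError("token is not valid for this merchant")
        return card_number


def demo():
    vault = TokenVault()
    card = "4111111111111111"             # constructed test number
    # Each merchant keeps only its own token on file, never the card number.
    on_file = {m: vault.tokenize(card, m) for m in ("netflix", "amazon")}
    try:
        # A token copied from one merchant's records is presented by another.
        vault.detokenize(on_file["netflix"], "amazon")
        cross_use = True
    except PermissionError:
        cross_use = False
    return on_file, cross_use


if __name__ == "__main__":
    tokens, cross_use = demo()
    print(tokens, "cross-merchant use accepted:", cross_use)
```

A breach of one merchant's database in this model yields only tokens that the vault rejects everywhere else, which is the security property the separate-token requirement is meant to provide.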
RBI has also made it clear that the user need not memorize his 16-digit card number as he’ll not be required to enter it for each transaction as per the tokenization rule.