The Reserve Bank of India (RBI) has required that all credit and debit card data used in online, point-of-sale and app transactions be replaced with unique tokens by September 30, 2022.
The higher security level of tokenization will improve the payment experience for cardholders. Your card details will be stored as an encrypted ‘token’ to help customers make secure transactions.
These tokens will allow the payment to be made without disclosing the customer’s details. RBI guidelines mandate replacing the original card data with an encrypted digital token. Thanks to tokenization, your debit and credit card transactions will be safer and more convenient.
Additionally, it will improve cardholders’ online transactional experiences and protect your card information from online fraudsters.
The RBI has created new regulations to protect customers in response to unsafe online practices.
According to the RBI, “Tokenization refers to replacing the actual card details with an alternative code called the ‘token’, which must be unique for a combination of card, token applicant (i.e. the entity that accepts a customer request for the tokenization of a card and transmits it to the card network to issue a corresponding token) and device (hereinafter referred to as “identified device”)”.
To simplify payment, credit card information such as number, CVV, and expiration date are frequently stored in merchant databases. But there are security risks associated with this data.
Some websites’ data storage systems have already been compromised and exposed to the public.
Debit or credit card information may not be stored by any entity other than card issuers or networks, in accordance with guidelines issued by the RBI. It is necessary to delete all data already stored.
The tokenization system is completely free and provides a smoother payment experience while securing card data.
Additionally, tokenization only applies to domestic online transactions.
The new debit and credit card rules were due to come into force on July 1, 2022, but were extended after receiving a series of representations from different industry bodies.
The Reserve Bank of India (RBI) has again extended the deadline for the debit and credit card tokenization rule to September 30.
Here are the ways to generate tokens:
Step 1: To make a purchase and begin a payment transaction, visit any e-commerce website or application.
2nd step: Choose your card. Enter your debit or credit card details and any additional information during checkout.
Step 3: Secure your card. Tokenize your card according to RBI guidelines or choose the option “secure your card according to RBI guidelines”.
Step 4: Allow token creation. To complete the transaction, enter the OTP that your bank sent to your mobile phone or email.
Step 5: Create a token. Your card data has been replaced by a token which has been produced and stored.
Step 6: To help you recognize your card when making a payment, the last four digits of your card on file are displayed when you visit the same website or app again. In other words, your card has been tokenized.
Are there any risks?
Although the Reserve Bank said the new process is “more secure”, there could be “other security risks” involved.
“With card tokenization, sensitive card data is replaced with tokens and no real data is stored anywhere other than at the issuer, card network and customer. Implementing tokenization adds complexity to the existing IT structure as transaction processing will become more complicated and comprehensive,” said Murari Sridharan, Chief Technology Officer, BankBazaar.com.
“Tokenization does not eliminate all security risks, but it does greatly reduce the potential for data breaches, especially from third-party applications,” he added.