RBI Tokenisation Rule: E-commerce Sites Can't Store Your Payment Card Details

If you use a credit or debit card for payments, this information is important for you. The Reserve Bank of India (RBI) has issued a new rule for card payments. You can now make card payments on Flipkart, Amazon, Swiggy, Zomato, OLA, OTT platforms or any third-party app without submitting your credit or debit card details. Instead of sharing card details, you can share a token number to complete the payment.


Need for the tokenisation rule

Digital payments have soared during the pandemic, along with the advancement of technology. However, this growth also brings threats and other security concerns. When it comes to digital payments, the RBI follows a "safe, secure, simple and fast" mantra to facilitate the growth of a strong and vibrant payments industry ecosystem. With more and more Indians going online and using digital payments as their primary means of transacting, fraud and security have become paramount concerns. The RBI has taken several steps to mitigate these risks, and has recently brought in regulations to check these threats and make the payment environment safe for customers.


On 7th September 2021, the RBI issued a circular saying, “With effect from January 1, 2022, no entity in the card transaction or payment chain other than the card issuers and/or card networks, will be able to store the actual card data. Any such data stored previously will be purged.”

Additionally, for transaction tracking or reconciliation purposes, e-commerce entities can store limited data, such as the last four digits of the actual card number and the card issuer's name, in compliance with the applicable standards.


Customers will not have to input their credit card details on the e-commerce sites they frequent, even after the RBI rule barring storage of card data by merchants kicks in from January 1, 2022.

Fast checkouts can continue with the RBI permitting card-on-file tokenisation. This facility allows customers to ask their banks to issue tokens to the online merchants in place of the card details. Tokenisation will enable subsequent payments without the card details.


About tokenisation

When you use your debit or credit card for a transaction, the transaction relies on information such as the 16-digit card number, the card expiry date, the CVV, and the one-time password or transaction PIN. A transaction is successful only if all of these are entered correctly for that specific transaction.

Tokenisation refers to the replacement of actual card details with a unique alternate code called the “token”. This token is unique for each combination of card, token requester and device.


How secure is the token?

If a fraudster gets hold of the token details, they cannot be used for payment, as the request would not be coming from the registered device. Also, tokenisation would still require two-factor authentication. Even if hackers breach an e-commerce site, all they can get is a token that cannot be used by anyone else. By contrast, a breach today would provide them with the full card details, which are accepted for payment in some countries without an OTP.
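The binding described in the two sections above can be shown with a small model. This is an added example, not code from the RBI circular or from any card network: the TokenVault class, the requester and device names, and the card number are constructed for illustration, and the model assumes the issuer side can reliably identify the requester and device behind each request.

```python
import secrets

class TokenVault:
    """Toy model of the issuer / card-network side; only this side holds the card number (PAN)."""

    def __init__(self):
        self._by_token = {}    # token -> (pan, requester, device)
        self._by_binding = {}  # (pan, requester, device) -> token

    def tokenise(self, pan, requester, device):
        binding = (pan, requester, device)
        if binding not in self._by_binding:
            token = secrets.token_hex(8)  # random, so it reveals nothing about the PAN
            self._by_binding[binding] = token
            self._by_token[token] = binding
        return self._by_binding[binding]

    def authorise(self, token, requester, device, second_factor_ok):
        """Approve only if the token arrives from the binding it was issued for, with 2FA."""
        binding = self._by_token.get(token)
        if binding is None:
            return False
        _pan, bound_requester, bound_device = binding
        return (requester, device) == (bound_requester, bound_device) and second_factor_ok

def merchant_record(token, pan_last4, issuer_name):
    """What the merchant may keep on file: token, last four digits, issuer name."""
    return {"token": token, "last4": pan_last4, "issuer": issuer_name}

def demo():
    vault = TokenVault()
    pan = "4111111111111111"  # constructed test number, not a real card
    t_shop_phone = vault.tokenise(pan, "shop-a", "phone-1")
    t_shop_laptop = vault.tokenise(pan, "shop-a", "laptop-1")
    t_other_phone = vault.tokenise(pan, "shop-b", "phone-1")
    record = merchant_record(t_shop_phone, pan[-4:], "Example Bank")
    return {
        "distinct_tokens": len({t_shop_phone, t_shop_laptop, t_other_phone}) == 3,
        "record_has_pan": pan in record.values(),
        "legit": vault.authorise(t_shop_phone, "shop-a", "phone-1", True),
        "stolen_other_device": vault.authorise(t_shop_phone, "shop-a", "attacker-pc", True),
        "stolen_other_requester": vault.authorise(t_shop_phone, "shop-b", "phone-1", True),
        "no_second_factor": vault.authorise(t_shop_phone, "shop-a", "phone-1", False),
    }

if __name__ == "__main__":
    print(demo())
```

A token copied out of the merchant's records is rejected when it is presented from a different device or requester, and the merchant record never contains the card number itself.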


Devices on which tokenisation will work

Last month, the RBI extended the scope of ‘tokenisation’ card payment services to several consumer devices, including laptops, desktops, wearables such as wristwatches and bands, and Internet of Things devices, in addition to mobile phones and tablets.
