To make online payments more secure, the Reserve Bank of India (RBI) has asked all merchants and payment gateways to delete sensitive data stored on customers’ cards. They have been asked to use encrypted tokens for carrying out transactions. This new rule of RBI will come into effect from January 1, 2022.
Banks started giving information
Banks have started telling customers about this. HDFC Bank has been sending SMS to its customers since last week saying, “Effective January 1, 2022! As per RBI order, your HDFC Bank card information saved on the merchant website/app will be deleted to enhance the security of the card.” To make payment, enter full card details each time or opt for tokenization.”
What did RBI say?
RBI issued guidelines in March 2020 stating that in order to promote data security, merchants will not be permitted to store card information on their websites. According to the new guidelines in September 2021, companies have been given time till the end of the year to comply with the rules and give them the option of tokenizing. All companies will have to comply with it from January 1, 2022.
What is tokenization?
When you use your debit or credit card for a transaction, the transaction is based on information such as a 16-digit card number, expiry date, CVV as well as a one-time password or transaction PIN. The transaction is successful only when all these information are entered correctly. Tokenization will convert the actual card details into a unique alternate code called “Token”. This token will always be unique depending on the card, token requester and device.
What will change from January 1, 2022 From
January, you will have to give your consent with Additional Authentication (AFA) whenever you make a payment. Thereafter, you will complete the payment by entering the CVV and OTP of your card.
Cardholders will do next month
> If you start shopping with a dealer
> will start Toknaijeshn merchant card based on your consent.
> Once, after your consent, it will send a request for tokenization to the card network.
> The card will generate a token as a proxy of the network card number and send it back to the merchant.
> For other merchants or paid separately card, Toknaijeshn must again.
> Merchant will save the token for later transactions.
> But your CVV and OTP will be required for the transaction.
Is card tokenization secure?
When card details are stored in an encrypted manner, the risk of fraud is greatly reduced. In simple language, when you share your debit/credit card information in token form, your risk is reduced.
What has RBI said?
Some merchants force customers to store card information. With a large number of merchants, the availability of such information increases the risk of card data theft. In recent times, there have been several incidents where card data stored by merchants has been leaked. Card data stolen through social engineering techniques can also be used to commit fraud.”
No need to remember 16-digit debit, credit card numbers The
Reserve Bank has said that there will be no need to input card details for every transaction under the token system. The Reserve Bank’s efforts to make digital payments more effective and secure will continue.