BOOM

Trending Searches

    SUPPORT
    BOOM

    Trending News

      • Fact Check 
        • Fast Check
        • Politics
        • Business
        • Entertainment
        • Social
        • Sports
        • World
      • Law
      • Explainers
      • News 
        • All News
      • Decode 
        • Impact
        • Scamcheck
        • Life
        • Voices
      • Media Buddhi 
        • Digital Buddhi
        • Senior Citizens
        • Videos
      • Web Stories
      • BOOM Research
      • BOOM Labs
      • Deepfake Tracker
      • Videos 
        • Facts Neeti
      • Home-icon
        Home
      • About Us-icon
        About Us
      • Authors-icon
        Authors
      • Team-icon
        Team
      • Careers-icon
        Careers
      • Internship-icon
        Internship
      • Contact Us-icon
        Contact Us
      • Methodology-icon
        Methodology
      • Correction Policy-icon
        Correction Policy
      • Non-Partnership Policy-icon
        Non-Partnership Policy
      • Cookie Policy-icon
        Cookie Policy
      • Grievance Redressal-icon
        Grievance Redressal
      • Republishing Guidelines-icon
        Republishing Guidelines
      • Fact Check-icon
        Fact Check
        Fast Check
        Politics
        Business
        Entertainment
        Social
        Sports
        World
      • Law-icon
        Law
      • Explainers-icon
        Explainers
      • News-icon
        News
        All News
      • Decode-icon
        Decode
        Impact
        Scamcheck
        Life
        Voices
      • Media Buddhi-icon
        Media Buddhi
        Digital Buddhi
        Senior Citizens
        Videos
      • Web Stories-icon
        Web Stories
      • BOOM Research-icon
        BOOM Research
      • BOOM Labs-icon
        BOOM Labs
      • Deepfake Tracker-icon
        Deepfake Tracker
      • Videos-icon
        Videos
        Facts Neeti
      Trending Tags
      TRENDING
      • #Operation Sindoor
      • #Pahalgam Terror Attack
      • #Narendra Modi
      • #Rahul Gandhi
      • #Waqf Amendment Bill
      • #Arvind Kejriwal
      • #Deepfake
      • #Artificial Intelligence
      • Home
      • Explainers
      • RBI's Card Tokenisation Deadline Is...
      Explainers

      RBI's Card Tokenisation Deadline Is Sept 30: All You Need To Know

      Post the deadline, users of debit or credit cards will have to enter their details manually online, or 'tokenise' it

      By - Mohammed Kudrati |
      Published -  19 Sept 2022 6:46 PM IST
    • Boomlive
      Listen to this Article
      RBIs Card Tokenisation Deadline Is Sept 30: All You Need To Know

      Credit and debit card users will have to 'tokenise' their details online to conduct transactions by September 30, as per guidelines by The Reserve Bank of India (RBI). Post this deadline, online portals and merchants will be required to purge 'card-on-file' (CoF) data and card users will either have to tokenise their card details or enter it manually every time they wish to transact.

      As per these guidelines, merchants (like Swiggy, Zomato, Uber, Flipkart and Amazon) can no longer store CoF data, which they have been storing till now to facilitate card transactions. Only card networks (like Visa, Mastercard, RuPay or American Express) and the issuing authority (like a bank) can store data of these cards.

      These guidelines were issued in September last year. While it was supposed to come into effect from January 1 this year, the deadline has been extended thrice.

      Since last year, merchants have been nudging their customers to tokenise their cards with them. In June, the RBI again recommended that users tokenise their cards with their merchant websites.

      Here's all you need to know about the process.

      1. What is a 'token'?

      A token represents card data on merchant websites.

      Usually, for a card transaction to take place, the following details are needed:

      • A 16 (or 15) digit card number
      • The CVV number
      • The expiry date
      • The cardholder's name

      Once the card details have been 'tokenised', the merchant website will call the token for the card data, rather than the card data itself. These tokens will be random digits and will be unique for a combination of the card data, merchant and token requestor (like the app or device that processes the payment).

      Therefore, across multiple merchants, a single card may have multiple tokens associated with it.

      Further, tokenisation is not automatic and needs express user consent.

      "Registration of card on token requestor's app shall be done only with explicit customer consent through Additional Factor of Authentication (AFA), and not by way of a forced / default / automatic selection of check box, radio button, etc", says the RBI guidelines.

      Without tokenisation, users would have to enter their card details manually every time they are conducting transactions online. Tokenisation is possible even post the deadline of September 30. The transaction just won't be seamless and will require this extra step every time.

      2. Why is tokenisation important?

      Tokens based on card data can be only used by the appropriate merchant for which the token was created in the first place.

      In case of a leak or breach at any of the merchants, the token would be less prone to misuse than the actual data of the credit or debit card itself.

      Further, in its June circular, the RBI has said that there are several jurisdictions around the world who do not use Additional-Factor-Of-Authentication (AFA) (like Verified by Visa or Mastercard Secure) to verify their transactions. Leaked credit card data could also be used in these jurisdictions.

      3. How do transactions change under tokenisation?

      Currently, all relevant card data is stored directly with the merchant. For a transaction to go through, a user would have to additionally enter the CVV number (usually on the back of a card) and provide an extra code through AFA.

      After tokenisation, the same process follows. Except, rather than the merchant processing the data themselves, they are sharing the token associated with the card with the card network. Users would still have enter a CVV number and provide an AFA code.

      Most merchants have said that no visible change would come to user experience post tokenisation, and the transaction process would remain the same.

      4. Where is tokenisation applicable?

      Tokenisation is applicable across merchants and devices. When the idea of tokenisation was first mentioned by the RBI in 2019, it was only applicable to mobile and tablet devices. However, in August last year, it was later extended to smartwatches, laptops and computers and all 'internet of things' devices.

      Users would have to tokenise their card details across each merchant individually.

      Fresh tokenisation is also applicable to cards that have been reissued or renewed.

      5. How do I tokenise my card details?

      Tokenisation depends on the merchant-readiness and varies across merchants. Each merchant usually has a dedicated section on their website or app to help users tokenise their cards.

      For example, merchants like Swiggy and Uber are prompting their customers to agree to tokenise their cards just before a transaction as well as from the payments page where the collective payment details of a user are stored.

      All users have to do is click on checkbox, or a similar action conveying their consent, to tokenise their card. For the process to go through, the merchant may charge a nominal amount (₹1 - ₹2) which they are immediate refunding. Usually, such merchants will seek user consent to save their card details under "latest RBI guidelines" or some similarly worded taxonomy to keep the card details saved with them.

      Merchants are using something called a "secure card" features, or a feature that is similarly worded to tokenise or validate cards with them. Once tokenised, merchants are prominently displaying when cards have been secured successfully.

      Cardholders should consult the appropriate merchant on how to tokenise their cards with them.


      Tags

      Reserve Bank of IndiaRBITokenisationAmazonAmerican ExpressVisaCredit CardDebit Card
      Read Full Article
      Next Story
      Our website is made possible by displaying online advertisements to our visitors.
      Please consider supporting us by disabling your ad blocker. Please reload after ad blocker is disabled.
      X

      Subscribe to BOOM Newsletters

      👉 No spam, no paywall — but verified insights.

      Please enter a Email Address
      Subscribe for free!

      Stay Ahead of Misinformation!

      Please enter a Email Address
      Subscribe Now🛡️ 100% Privacy Protected | No Spam, Just Facts
      By subscribing, you agree with the Terms & conditions and Privacy Policy connected to the offer

      Thank you for subscribing!

      You’re now part of the BOOM community.

      Or, Subscribe to receive latest news via email
      Subscribed Successfully...
      Copy HTMLHTML is copied!
      There's no data to copy!