BOOM

Trending Searches

    SUPPORT
    BOOM

    Trending News

      • Fact Check 
        • Fast Check
        • Politics
        • Business
        • Entertainment
        • Social
        • Sports
        • World
      • Law
      • Explainers
      • News 
        • All News
      • Decode 
        • Impact
        • Scamcheck
        • Life
        • Voices
      • Media Buddhi 
        • Digital Buddhi
        • Senior Citizens
        • Videos
      • Web Stories
      • BOOM Research
      • BOOM Labs
      • Deepfake Tracker
      • Videos 
        • Facts Neeti
      • Home-icon
        Home
      • About Us-icon
        About Us
      • Authors-icon
        Authors
      • Team-icon
        Team
      • Careers-icon
        Careers
      • Internship-icon
        Internship
      • Contact Us-icon
        Contact Us
      • Methodology-icon
        Methodology
      • Correction Policy-icon
        Correction Policy
      • Non-Partnership Policy-icon
        Non-Partnership Policy
      • Cookie Policy-icon
        Cookie Policy
      • Grievance Redressal-icon
        Grievance Redressal
      • Republishing Guidelines-icon
        Republishing Guidelines
      • Fact Check-icon
        Fact Check
        Fast Check
        Politics
        Business
        Entertainment
        Social
        Sports
        World
      • Law-icon
        Law
      • Explainers-icon
        Explainers
      • News-icon
        News
        All News
      • Decode-icon
        Decode
        Impact
        Scamcheck
        Life
        Voices
      • Media Buddhi-icon
        Media Buddhi
        Digital Buddhi
        Senior Citizens
        Videos
      • Web Stories-icon
        Web Stories
      • BOOM Research-icon
        BOOM Research
      • BOOM Labs-icon
        BOOM Labs
      • Deepfake Tracker-icon
        Deepfake Tracker
      • Videos-icon
        Videos
        Facts Neeti
      Trending Tags
      TRENDING
      • #Operation Sindoor
      • #Pahalgam Terror Attack
      • #Narendra Modi
      • #Rahul Gandhi
      • #Waqf Amendment Bill
      • #Arvind Kejriwal
      • #Deepfake
      • #Artificial Intelligence
      • Home
      • Explainers
      • RBI's Card Tokenisation Mandate: 5...
      Explainers

      RBI's Card Tokenisation Mandate: 5 Things You Need To Know

      The new rules kick in from Jan 1, where users will either have to 'tokenise' their cards, or enter their details manually

      By - Mohammed Kudrati |
      Published -  22 Dec 2021 4:53 PM IST
    • Boomlive
      RBIs Card Tokenisation Mandate: 5 Things You Need To Know

      According to guidelines of the Reserve Bank of India (RBI) that kick in from January 1, 2022, consumers will either have to 'tokenise' their credit and debit card details on the merchant websites that they transact with, or enter the card details manually every time they transact. These guidelines were issued in September by the RBI to improve transactional security.

      As per these guidelines, card details cannot be stored on a third party merchant portal (like Flipkart, Amazon, Myntra, Swiggy, Zomato etc.), but only by the issuing authority (like a bank) and/or the card network (like Visa, RuPay, American Express and Mastercard). Once implemented, all existing card data on these merchant sites either need to be tokenised or deleted.

      Prominent e-commerce websites and online stores that keep credit card information with them have already begun nudging their customers to tokenise their card details with them.

      Though these guidelines will come into effect from January 1, 2022, some news reports suggest that the RBI is considering an extension for the same.

      Here are 5 things you need to know about tokenisation, what it means and how to go about securing your card on these websites.

      1. What is tokenisation?

      Tokenisation is a way to secure card information that is stored on merchant websites.

      Currently, for any online transaction through a debit or credit card, the following details are required for :

      • A 16 (or 15) digit credit card number
      • An expiry date
      • The name of the holder of the card
      • The CVV number on the back

      Under the new mandate, all these details will instead will be stored as a 'token' of random digits. These tokens will be unique for a combination of the card details, the token requestor (which is the third-party app or device that processes payments) and the merchant, according to the RBI.

      Therefore, a single card may have multiple tokens associated with it across multiple merchants.

      It also must be noted that tokenisation is not automatic and needs the express consent of the concerned user.

      "Registration of card on token requestor's app shall be done only with explicit customer consent through Additional Factor of Authentication (AFA), and not by way of a forced / default / automatic selection of check box, radio button, etc", says the RBI guidelines.

      Should a consumer not choose to tokenise their details with a merchant, they will have to manually enter the above-mentioned details for every card transaction.

      2. What changes will take place by this mandate?

      As per the RBI's guidelines, nobody except issuers of cards and the card network can directly store card details.

      "With effect from January 1, 2022, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store the actual card data. Any such data stored previously shall be purged", says the guidelines.

      However for compliance, transaction tracking or reconciliation, entities are permitted to store the last four digits of the card number.

      3. How does tokenisation alter the data stored with the merchant?

      At present, all the relevant credit card data is stored with the merchant. To complete a typical transaction using debit or credit cards, a user has to enter the CVV number, followed by a one-time-password or additional password by the the card network (Verified by Visa, Mastercard Secure etc.), which is called Additional-Factor-Of-Authentication (AFA)

      Post tokenisation, only a token of such data will be stored by the merchant and will be shared with the card network at the time of transaction. The additional verification by the card network through AFA will still be applicable.

      Once tokenised, the payment processes are not expected to be very different from the current user experience.

      4. Where is tokenisation applicable?

      Tokenisation needs to be done across merchants and devices. Initially, in 2019, when the concept of tokenisation was first spelt out, the RBI mandated tokenisation for transactions through mobile phone and tablet devices, but in August this year extended it for transactions through consumer devices like smart watches, laptops, desktops, all sorts of wearables and internet-of-things (IoT) devices.

      This also means that consumers would have to tokenise their cards with the merchants that they choose individually.

      Fresh tokenisation is also applicable to existing credit cards which will be potentially re-issued or renewed.

      5. How can I tokenise my cards right now?

      The tokenisation process depends on merchant readiness and is merchant-specific. Most merchants are laying the instructions on how to tokenise cards on their website.

      Some merchants like Swiggy, Zomato and Cred are conducting a transaction of a nominal amount (₹1 - ₹2) to secure the card, which they are immediately refunding. Such transactions need to be verified by AFA.

      A merchant like Amazon is offering users the option to tokenise their cards mid-payment.

      A "secure card" feature, or a feature with similar terminology is being offered by merchants in the section of their app or website that has payment information for a user. Once secure, merchants are prominently displaying the fact that a particular card has been secured with them.

      Users of credit or debit cards should directly consult the merchant concerned for tokenising their cards.

      The RBI's guidelines on tokenisation can be found here.

      Also Read: RBI Announces UPI For Feature Phones & On-Device Wallets For Payments


      Tags

      TokenisationVisaMastercardAmerican ExpressReserve Bank of IndiaRBIAmazonSwiggyZomato
      Read Full Article
      Next Story
      Our website is made possible by displaying online advertisements to our visitors.
      Please consider supporting us by disabling your ad blocker. Please reload after ad blocker is disabled.
      X

      Subscribe to BOOM Newsletters

      👉 No spam, no paywall — but verified insights.

      Please enter a Email Address
      Subscribe for free!

      Stay Ahead of Misinformation!

      Please enter a Email Address
      Subscribe Now🛡️ 100% Privacy Protected | No Spam, Just Facts
      By subscribing, you agree with the Terms & conditions and Privacy Policy connected to the offer

      Thank you for subscribing!

      You’re now part of the BOOM community.

      Or, Subscribe to receive latest news via email
      Subscribed Successfully...
      Copy HTMLHTML is copied!
      There's no data to copy!