Payment gateways, merchants, payment aggregators and acquiring banks will not be able to store customer card details from July 1 as the Reserve Bank of India (RBI) has announced the introduction of tokenisation of card transactions.
This means that all online, point-of-sale, and in-app transactions made by credit and debit cards must be replaced by unique tokens by June 30, 2022.
What is Tokenisation?
Tokenization is a process by which card details are replaced by a unique code or token, which is generated by an algorithm, allowing online purchases without sharing details that might be considered sensitive.
The central bank has also advised the industry to create a mechanism to avoid the storage of customer data for other application areas such as dispute resolution and reward/loyalty programmes.
Earlier in March 2020, the central bank said that payment aggregators and merchants onboarded by them will be prohibited from storing card details of customers to improve data privacy and protect against fraud in online transactions. The initial deadline was June 2021. But the industry sought time and the RBI set a new deadline of January 1, 2022. That deadline too has been extended to June 30, 2022.
Why RBI introduce Tokenisation?
RBI brought in new rules to enhance the security of online transactions done using debit and credit cards. It wanted to end the practice of online merchants storing card details of customers, which the central bank believed could lead to card misuse by fraudsters.
For example, customers often store their card data on e-commerce sites and food delivery Apps. Since these websites and apps contain data of debit-credit cards of consumers, so they can use it for their personal gains. For consumer protection, RBI has come up with tokenisation to protect the financial data of consumers and misuse of cards details by fraudsters.