Online shopping or online payment is now a part of our lives. We all use credit cards and debit cards for shopping. Now RBI has regulated new rules on credit and debit card transactions, which will be effected from January 1, 2022. What are the new credit and debit card rules w.e.f 2022?
New credit and debit card rules w.e.f 2022
When we do any online payments, all our card details get stored with merchants. Considering the security, RBI (Reserve Bank of India) has asked all merchants to purge all the stored data of customers. RBI has initiated a tokenisation system to make online payments more safer and secure. This rule will be effective from 1st January 2022.
HDFC bank has already informed its customers either to opt for tokenisation or not for online payments. If any customer does not opt to tokenise his/her cards, then he/she have to enter full details of the card on the merchant site for every payment.
- The new rule is known as CoFT (Card on File Tokonisation)
- W.e.f from 1st January 2022, Authorised Payment Aggregators or merchants shall not store customers’ card details.
- Card issuer will provide token service. They will be known as Token Service Providers (TSPs). Only the same TSPs can be able to detokonise card data.
- Entities can store last 4 digit of actual card number and card issuer name for transaction tracking and reconciliation purposes.
- The token will be unique for combination of card, token requester and merchant.
- Merchant shall give an option to customers to detokonise.
What is Tokenisation system?
Tokenisation is a process in which you will use a token instead of providing your full card details to merchants. A token is an alphanumeric number and it is an alteration of your actual card details. Token will be generated by an algorithm and transaction will be done without your card’s 16 digit number. So it will improve the data security.
Previously, we had to enter 16 digit card number, card holder name, and expiry date for performing online payments. The Merchant stores these data for future reference. Next time when we perform transactions with the same merchant, then we only need CVV and otp.
But now, When we start any online payment with merchant, the merchant will ask our consent to tokonise the card. The tokenisation request will be sent to the card network and the card network will create a token of our card and will send it back to the merchant. This token will be the same for the next time with the same merchant with the same card. The merchant can also ask us to detokonise. For different merchants or with different cards, tokenisation should be done again. The transaction is approved with CVV and OTP.
Is tokenisation system secure?
With tokenisation, card details are saved in an encrypted manner. Due to encryption of card details, the risk of fraud can be minimized and tokenisation system is more secure than present transaction system.