The rules for online payments for debit and credit cards will change with the entry into force of the RBI Registered Card (CoF) Tokenization Standards from 1 October 2022. The new rules are expected to improve the experience payment for cardholders.
The deadline for tokenization guidelines was previously set for July 1, but it has been extended by three months to September 30. Most major merchants have already complied with the RBI CoF tokenization standards.
A number of entities, including merchants in an online payment chain, store card data, citing the convenience and convenience of cardholders. While this practice provides some convenience, storing card details with multiple entities increases the risk of data misuse.
According to the RBI, tokenization refers to replacing the actual card details with an alternative code called a “token”, which must be unique for a combination of card, token requester (i.e. the entity that accepts the client’s request for tokenization of a card and transmits it to the card network to issue a corresponding token) and device (hereinafter referred to as identified device).
This token – representing the customer’s card data – is stored in the merchant’s payment system and processes the transaction.
Benefit of tokenization
A tokenized card transaction is considered more secure because the actual card details are not shared with the merchant while the transaction is being processed.
UPI Lite, RuPay credit card on UPI, launch Bharat BillPay cross-border bill payments; this is how they will work
How can tokenization be achieved?
The cardholder can get the tokenized card by initiating a request on the application provided by the token requester. The token requester will forward the request to the card network which, with the agreement of the card issuer, will issue a token corresponding to the combination of card, token requester and device.
Can tokenization be enabled through a smartwatch or other similar devices?
Tokenization functionality is available on consumer devices such as mobile phones, tablets, laptops, desktops, wearables (wristwatches, bracelets, etc.), Internet of Things (IoT) devices ), etc.
Notice to ICICI Bank credit card users! Pay rent to cost more from this date
Impact on customers
Entities or Platforms will not be able to store a Buyer’s Card Credentials in any form. For example, when customers purchase from an e-commerce site for the first time, they are prompted for the 16-digit debit card number and then the CVV code. However, when they buy another item on the same platform, they can see that the site has already registered the 16 digit card number and they just have to enter the CVV, then the OTP is generated by the bank to make the purchase.
With the new RBI order, a buyer will have to enter all their card details when they buy something. Once customers start purchasing an item, the merchant initiates tokenization and requests consent to tokenize the card. Once consent is given, the merchant will send the request to the card network.
The card network will create a token, which will act as a proxy card number and send it back to the merchant. The merchant will keep this token for future transactions. Now they will need to enter CVV and OTP as before to give their approval.