To make online payments safe and secure, the Reserve Bank of India (RBI) asked all merchants and payment gateways to delete sensitive customer data on cards saved at their end and instead use encrypted tokens to conduct transactions Is. The new rule will come into effect from January 1, 2022.
Banks have started informing their customers about the changes. “Effective 1st Jan’22! Your HDFC Bank card details saved on the merchant website/app will be deleted by the merchants as per RBI orders to enhance the security of the card. Every time to make a payment, enter full card details OR Token option,” HDFC Bank said.
What did RBI say?
RBI issued guidelines in March 2020 stating that merchants will not be allowed to save card information on their websites to promote data security. It issued new guidelines in September 2021, giving companies a chance to comply with the rules and giving them the option of tokenizing by the end of the year.
RBI had ordered all companies in India to purge the saved credit and debit card data from their systems with effect from January 1, 2022.
What is tokenization?
When you use your card, debit or credit for a transaction, the transaction is executed on information such as the 16-digit card number, card expiry date, CVV as well as a one-time password or transaction PIN is based. In fact, a transaction is successful only when all these variables are entered correctly for a specific transaction. tokenization Refers to the replacement of the actual card details with a unique alternate code called “token”. This token is unique to each combination of card, token requester and device.
What will change from 1st January 2022
Since January, when you make the first payment to a merchant, you must give your consent with an additional factor of authentication (AFA). Once done, you will complete the payment by entering your card’s CVV and OTP.
What will cardholders have to do from next month
- You start shopping with a merchant
- The merchant initiates tokenization by asking for your consent to tokenize the card.
- Once, you consent, this card sends a token request to the network.
- The card network generates a token as a proxy of the card number and sends it back to the merchant.
- To pay with a different merchant or a different card, tokenization has to be done again.
- The merchant saves the token for subsequent transactions.
- You approve the transaction with CVV and OTP
Is card tokenization secure?
When card details are saved in an encrypted manner, the risk of fraud or tampered data is minimized. Simply put, when you share your debit/credit card details in the form of a token, your risk is reduced.
“In fact, some merchants force their customers to store card details. The availability of such details with a large number of merchants significantly increases the risk of card data theft. In recent times, such incidents where card data was stored by some merchants. Compromised/leaked. Any leakage of COF data can have serious consequences as many jurisdictions do not require an AFA for card transactions. Stolen The card data can also be used to commit fraud within India through social engineering techniques,” the RBI said in its release.
This initiative is expected to make card transactions more safe, secure and convenient for the users
No need to remember 16-digit debit, credit card numbers
The central bank had said that there would be no need to input card details for every transaction. token system
“Contrary to some of the concerns expressed in certain sections of the media, input card details will not be required for every transaction under the token arrangement. In order to deepen digital payments in India and make such payments secure and efficient, the Reserve Bank of India (RBI) Efforts will continue,” the RBI release said.
Never miss a story! Stay connected and informed with Mint.
download
Our App Now!!
,