New Delhi: In a bid to make online transaction safer for users, the Reserve Bank of India (RBI) has directed all payment gateways and merchants to remove customer details/information like debit and credit data from their servers.
As India has taken a big leap towards digitization, more and more people are now using online payments for ordering food, shopping or booking cabs. However, the digital world is not a safe place as cyber criminals are always on the prowl to get access to customers’ data.
The RBI in September prohibited merchants from storing customer card details on their servers and mandated the adoption of card-on-file (CoF) tokenisation as an alternative to card storage.
The new rule will come into effect from January 1, 2022.
What Is The Issue?
According to the RBI directive, the merchants and payment gateways have to delete all customer information stored in their servers. A customer has to enter his/her full card (debit/credit) card details each time to make payments during online payments.
Several banks have also informed their customers about the new RBI rule. Private lender HDFC Bank has been sending text messages to its customers that they will either have to enter full card details or opt for tokenisation.
What Is Tokenisation?
Tokenisation means replacement of actual card number with an alternative code which is called tokens. From now on during an online transaction, a user don’t have to submit card details like 16-digit card number, expiry date, CVV , and the OTP, whereas, he/she has to place a request for a token to continue transaction. It works in way, i.e. the entity which accepts request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token.
Is Tokenisation Safer?
According to the RBI, a tokenised card transaction is considered safer as the original card details are not shared with merchants during e-transaction. Token requester also cannot save any card details. The central bank has said that customer need not pay any charges for availing this service. So, it is a unique and new system for customers.
However, The Merchant Payments Alliance of India (MPAI) and the Alliance of Digital India Foundation (ADIF) on Wednesday urged the RBI to extend the CoF tokenisation deadline of December 31 for merchants.
They have cited several operational challenges that will hinder the transition to the token-based payments ecosystem. The industry bodies said that if implemented in the present state of readiness, the new RBI mandate could cause major disruptions and loss of revenue, especially for merchants.