Why Don't You Have To Memorise Your Debit/Credit Card Anymore? RBI's Guidelines On Tokenisation From Jan 1

New Delhi: In a bid to ensure that consumers are protected from fraud and that their card transactions are secure, the Reserve Bank of India (RBI) on Tuesday tightened the rules on card tokenization services and refused to extend the deadline for card tokenization beyond the agreed-upon January 1, 2022 deadline, effectively eliminating single-click payments but still allowing users to avoid having to type in their card information for every transaction.

"With effect from January 1, 2022, no entity in the card transaction/payment chain, other than the card issuers and/or card networks, shall store the actual card data," the apex bank said in a statement, adding, "any such data stored previously shall be purged."

ALSO READ | LIC IPO: Centre Expecting Foreign Institutional Investment Of Up To 20%, Says Report

Non-cash transactions streamline operations and save time and effort, but they can expose you to fraud. In online transactions, tokenization is used to substitute the actual card details entered with random digits.

The RBI, on the other hand, has extended a service that allows users to avoid entering 16-digit card numbers and other personal information if they use the service.

The device-based tokenization framework recommended in RBI circulars dated January 2019 and August 2021 has now been extended to Card-on-Fitness Tokenization (CoFT) services, according to an RBI statement.

Card-on-file refers to card information saved by payment gateways and merchants to complete future purchases.

ALSO READ | 7th Pay Commission: Gujarat Raises DA Of State Govt Employees By 11%

"...card issuers have been permitted to offer card tokenization services as token service providers. The tokenization of card data shall be done with explicit customer consent requiring additional factor of authentication (AFA)," the RBI said in a statement.

As merchants will not save the card details (except for source banks and card issuers such as Rupay, Visa, and Mastercard), card details will not be leaked since the merchant's database will include random numbers rather than card details.