homepersonal finance NewsNew debit, credit card rules kick in from Oct 1 with tokenisation — how it benefits users & merchants

New debit, credit card rules kick in from Oct 1 with tokenisation — how it benefits users & merchants

Tokenisation replaces sensitive card information like card number, card expiry with a cryptographically generated random string, referred to as the card token. Here's all you need to know about new debit and credit card rule.

Profile image

By Anshul  Oct 1, 2022 12:27:50 PM IST (Updated)

Listen to the Article(6 Minutes)
3 Min Read
New debit, credit card rules kick in from Oct 1 with tokenisation — how it benefits users & merchants

The rules for online payments for debit and credit cards change from today i.e. October 1, 2022, as the Reserve Bank of India's (RBI) card-on-file (CoF) tokenisation norms come into effect. RBI's CoF tokensiation is expected to improve the payment experience of the cardholders.

Live TV

Loading...

According to the new rule, neither businesses nor payment aggregators can save customer card details on their platforms. The card details can only be saved by the card networks or issuing banks.


Benefits of tokenisation

Tokenisation replaces sensitive card information, like card number, card expiry with a cryptographically-generated random string, referred to as the card token. Once a card is tokenised, the generated card token can be used for processing payments as a substitute to card details, thus eliminating risk of loss of sensitive card information while making card payments, said Akash Sinha, Co-Founder and CEO at Cashfree Payments, while talking to CNBC-TV18.com.

Impact on consumers

In the new card tokenisation scenario, customers would be minimally impacted. They will be required to enter their card details the first time for issuance of a token. Thereafter, the merchant will trigger the tokenisation process at no cost or effort to the customer.

Although, like with every new development, there may be a few initial teething issues that customers may face, in the long run this process will go far in ensuring that their personal sensitive data is protected and ecommerce transactions as a whole are made safer, Sinha told CNBC-TV18.com.

How new rule works

With the new RBI order, a shopper will have to put in their entire card details when they shop for something.

Once customers start purchasing an item, the merchant will initiate tokenisation and ask for consent to tokenise the card. Once consent is given, the merchant will send the request to the card network.

The card network will create a token, which will act as a proxy to the 16-digit card number and send it back to the merchant. The merchant will save this token for future transactions. Now, they will be required to enter CVV and OTP like before to give approval.

Impact on merchants

Merchants can now only store the four last digits of the customer card data. As a result, they have to delete any customer card data they may have saved.

"Merchants will no longer need to save cards on their own servers and manage compliance for the same. This reduces their liability when it comes to attacks and hackers. Moreover, merchants can tie up with payment gateways for leveraging their tokenisation solution. These solutions are ready-made offerings that allow the merchant to accept card payments without the hassle of becoming a token requester themselves," Sinha said.

Most Read

Share Market Live

View All
Top GainersTop Losers
CurrencyCommodities
CurrencyPriceChange%Change