New credit and debit card rules from today: How will it impact you?

A number of entities, including merchants in an online payment chain, store card data like card numbers and expiration dates — Card-on-File (CoF) — citing convenience and comfort to cardholders. While this practice does render convenience, the availability of card details with multiple entities increases the risk of card data being stolen or misused.

Tokenisation is the process of turning sensitive data into 'non-sensitive’ data called "tokens". These tokens convert a debit or credit card holder’s 16-digit account number into a digital credential that can’t be stolen or reused.

This token — representing the customer's card data — is saved in the merchant’s payment system and processes the transaction.

When the card details are saved in an encrypted manner, the risk of fraud or compromised data gets reduced

Platforms won't be able to store the card credentials of a shopper in any form.

For instance, when customers shop on an e-commerce site for the first time, they are asked to feed the 16-digit debit card number and then the CVV code. However, when they buy another item from the same platform, they can see that the site has already stored the 16-digit card number and they just have to put in the CVV and then the OTP is generated by the bank to make the purchase.

With the new RBI order, a shopper will have to put in their entire card details when they shop for something.

Once customers start purchasing an item, the merchant will initiate tokenisation and ask for consent to tokenise the card. Once consent is given, the merchant will send the request to the card network.

The card network will create a token, which will act as a proxy to the 16-digit card number and send it back to the merchant. The merchant will save this token for future transactions. Now, they will be required to enter CVV and OTP like before to give approval.