As of October 1, rules for credit cards and debit cards are changing. The following are some essential details.
The Reserve Bank of India’s (RBI) card-on-file (CoF) tokenisation requirements go into effect on October 1, 2022, changing the rules for online credit and debit card transactions. This standard should improve cardholders’ payment experience. The deadline for RBI’s new tokenization rules was July 1, but it was extended to September 30 after stakeholder input.Â
Most big retailers have complied with the RBI’s card-on-file tokenisation regulations, and 19.5 crore tokens have been issued. The RBI banned businesses from keeping card information on servers from January 1, 2022, and enforced CoF tokenisation as an alternative.
RBI’s Card-on-file tokenization
Payment gateways and merchants save CoF to execute future transactions. Cardholders must register their cards once at each e-commerce website to create a token. By saving, the cardholder agrees to produce a token.
This consent is authenticated using a second factor (AFA). A card-and e-commerce-specific token is then produced. This token isn’t redeemable anywhere.
After establishing the token, the cardholder can use the last four digits during checkout at the same merchant’s website. Cardholders don’t need to remember or enter tokens for future transactions.
Why will customers care?
Tokenized card transactions are safer since the merchant doesn’t see the real card data. Once CoF tokenisation guidelines are enforced, platforms won’t be able to keep shoppers’ card data.
How to tokenise?
Cardholders can tokenize their cards via the token requestor’s app. The token requestor sends the request to the card network, which, with the card issuer’s approval, issues a token matching the card, token requestor, and device.
Let’s illustrate. First-time buyers on Flipkart and Amazon must input their 16-digit debit or credit card number and CVV code. When making a second purchase from the same e-retailer, only the CVV is needed because the site has kept the card number.
Customers must now submit their full card details while shopping. The merchant then tokenizes. After getting customer authorization, the merchant sends a request to the card network, which creates a token. This token will convey the 16-digit card number to the retailer.
