The Reserve Bank of India has asked every merchant and payment gateway to delete all sensitive customer data available on their end in order to make payments more secure. Under the new rule, which is to be implemented from January 1, 2022, merchants have to use encrypted tokens to make transactions. The banks have also started to notify customers about the new guidelines mandated by the RBI. “Effective 1st Jan’22! Your HDFC Bank card details saved on Merchant Website/App will get deleted by the merchants as per the RBI mandate for enhanced card security. To pay each time, enter full card details or opt for tokenisation,” said the HDFC bank in an SMS last week, according to reports.
What is the New RBI Rule?
In a notice issued in September this year, the RBI said, “With effect from January 1, 2022, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store the actual card data. Any such data stored previously shall be purged.”
“For transaction tracking and / or reconciliation purposes, entities can store limited data – last four digits of actual card number and card issuer’s name – in compliance with the applicable standards,” it added.
What is Tokenisation?
Tokenisation refers to replacement of actual card details with an alternate code called the “token”, which shall be unique for a combination of card, token requestor (i.e. the entity which accepts request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token) and device (referred hereafter as “identified device”).
The card holder can get the card tokenised by initiating a request on the app provided by the token requestor. The token requestor will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device.
What do You Need to do from January 1, 2022?
Once you start purchase of an item with a merchant, the merchant will initiate tokenisation. It will ask for your consent to tokenise your card. Once you give consent, the merchant will send a tokenisation request to the card network. The card network will then create a token, which will act as a proxy to your 16-digit card number, and send it back to the merchant. The merchant will save this token for future transactions. You will also have to enter your CVV and OTP like before to approve transaction. If you want to use another card, the same process is to be followed again.
Is it Safe to do Card Tokenisation?
“Actual card data, token and other relevant details are stored in a secure mode by the authorised card networks. Token requestor cannot store Primary Account Number (PAN), i.e., card number, or any other card detail. Card networks are also mandated to get the token requestor certified for safety and security that conform to international best practices / globally accepted standards,” says the RBI in its website.
Moreover, if you save your card details in a encrypted manner, it will prevent cyber frauds. “”In fact, some merchants force their customers to store card details. Availability of such details with a large number of merchants substantially increases the risk of card data being stolen,” said the RBI in a press release.
Read all the Latest Business News here
Comments
0 comment