New Delhi:
Good news is coming soon for all credit and debit card holders, as from July 1, 2022, online merchants will no longer be able to store customers’ card details.
The Reserve Bank of India (RBI) had issued debit and credit card tokenization rules last year, keeping customer safety in mind. Under the rules, merchants were not allowed to store customer card data on their servers.
These card tokenization rules will now take effect from July 1, 2022.
RBI had mandated the introduction of card-on-file tokens for domestic online purchases. The deadline for introducing card tokens across the country has been extended by six months from January 1, 2022 to July 1, 2022.
It is stored as an encrypted “token” to help customers perform secure transactions. These tokens allow payment without disclosing customer details. RBI guidelines mandate that the original card data be replaced with an encrypted digital token.
Therefore, from July 1, 2022, merchants will be required to remove customers’ debit and credit card information from their records.
The card tokenization system is not mandatory. Therefore, if a customer has not consented to tokenization of his or her card, the customer must enter all card details such as name, card number and card validity instead of entering the card verification value or CVV, every time he makes an online payment.
At the same time, if a customer agrees to card tokenization, he or she only needs to enter the CVV or one-time password information (OTP) while executing the transaction.
The tokenization system is completely free and offers a smoother payment experience while protecting the card details.
Also, tokenization only applies to domestic online transactions.
According to RBI, registration for a tokenization request is only made with the explicit consent of the customer through Additional Factor of Authentication (AFA), and not through any forced or default or automatic selection of a checkbox, radio button, etc.