Nagpur: The rules for online payments for debit and credit cards will change from October 1, 2022, as the Reserve Bank of India’s card-on-file (CoF) tokenization norms come into effect. The new rules are expected to improve the payment experience and prevent cardholders from online fraud. The deadline for the RBI’s new tokenization guidelines was set to come into effect from July 1, but it was extended to September 30, according to reports.
What are the new credit and debit card rules?
Gold Rate
Friday 28 Feb. 2025
In 2021, the RBI restricted merchant sites from saving the card details (card numbers, expiration dates) of customers and mandated the adoption of tokenization as the availability of card details with multiple entities increases the risk of card data being stolen or misused.
What is tokenization?
Tokenization is the process of turning sensitive data into ‘non-sensitive’ data called tokens. These tokens convert a debit or credit card holder’s 16-digit account number into a digital credential that can’t be stolen or reused. The data of your card is now replaced with this token. When the card details are saved in an encrypted manner, the risk of fraud or compromised data gets reduced.
So far, Rs 19.5 crore tokens have been issued. And most large merchants have already complied with the RBI’s card-on-file (CoF) tokenization norms.
How will it Impact customers?
A shopper will have to put in their entire card details when they shop for something. Once customers start purchasing an item, the merchant will initiate tokenization and ask for consent to tokenize the card. Once consent is given, the merchant will send the request to the card network. The card network will create a token, which will act as a proxy to the 16-digit card number and send it back to the merchant. The merchant will save this token for future transactions. Now, they will be required to enter CVV and OTP like before to give approval.
The RBI also informed that, after the implementation of the tokenisation norms, the customers’ credit card and debit card details – used in online, point-of-sale, and in-app transactions – will be stored as an ‘encrypted’ token in order to ease the transaction process. The new tokenization guidelines were scheduled to come into effect from July 1, but the deadline was pushed to September 30.
The RBI last September prohibited merchants from storing customer card details on their servers with effect from January 1, 2022, and mandated the adoption of CoF tokenization as an alternative to card storage.
