The card-on-file (CoF) tokenization rules of the Reserve Bank of India (RBI) will come into effect from October 1, 2022. The new tokenization method, according to the RBI, will make payments for cardholders easier, safer, and more convenient.
The RBI also stated that, in order to simplify transactions, consumers' credit card and debit card information—used for online, point-of-sale, and in-app purchases—will be kept as an "encrypted" token following the implementation of the tokenization norms. The deadline for the new tokenization rules was originally set for July 1, but it was extended to September 30.
However, the majority of large merchants have cooperated with the RBI's card-on-file (CoF) tokenization requirements, and 19.5 crore tokens have been granted thus far.
The RBI ordered the deployment of CoF tokenization as a substitute for card storage in September, banning merchants from keeping customer card information on their servers beginning January 1, 2022.
What is Tokenization?
As part of the RBI's tokenization plan, all businesses are expected to remove all current information on cards and replace it with a special "token." Merchants won't be permitted to keep a customer's card information once the policy is in place, as the RBI claims that doing so will prevent card misuse and increase the security of online transactions.
Benefits of Tokenization
RBI has stated that many entities, including e-commerce, merchant stores, websites and applications - involved in the credit/debit card payment transaction chain save users' card details.
It's also interesting to note that some merchants even need customers to save card information before utilizing their services or downloading their apps, which raises the risk of users' private information being stolen.
Tokenization seeks to prohibit such frauds since merchant entities won't have access to actual cardholder information; instead, they will only have a special, randomly generated token code.
Charges for Tokenization
Credit/debit card users are not required to utilize the token system, according to the RBI. If the cardholder chooses not to use the tokenization mechanism, they will need to manually enter their credit or debit card information each time they make a purchase on an e-commerce or merchant website.
Additionally, according to RBI, a person will need to develop unique tokens for each card they hold.
Steps to create a token for debit, and credit cards
-
Go to any e-commerce merchant website or application and start a transaction.
-
During the check-out, enter the details of the credit/debit card along with additional details.
-
Secure the card and tokenize it per RBI's latest guidelines by selecting the 'secure your card as per RBI guidelines' or 'secure your card' option.
-
Authorize the token's creation by using the bank-provided one-time password (OTP) sent to the registered mobile phone or email to complete the transaction.
-
After creating the token, the data of one's card will be replaced with the above-mentioned token.
-
To help one recognize their card while making a transaction, the last four digits of the saved card will be displayed when they revisit the same website or application for any future transaction, representing that the card has been tokenized.