The RBI's CoF tokenisation regulations will take effect on October 1, 2022.
Several incidents of online fraud and credit-debit card scams that occurred during online payments have been troubling common users for a long time. The Reserve Bank of India (RBI) has made the decision to implement card tokenisation as of October 1 in order to safeguard consumers from cyber fraud that may happen when they save the specifics of their credit or debit card on online retailers or shopping websites.
The RBI has ordered that no payment aggregator, payment gateway, or merchant can hold credit or debit card information of any consumer as part of the changes to the laws governing the usage of debit and credit cards for making online payments.
Tokenisation is poised to be used in daily life, so understanding how it works is essential.
According to the State Bank of India, "Tokenisation is the process of replacing a card's 16-digit number on the plastic card with a unique alternate card number, or 'Token', which shall be unique for a combination of card, token requestor, and device. Tokens can be used for online transactions, mobile point-of-sale transactions, or in-app transactions. This token contains no personal information that can be directly accessed and keeps changing, making it the most secure method to complete payments. "
The advantages of Tokenisation
Due to the fact that no data would be saved on the merchant's website or mobile application, tokenisation will increase the security of digital transactions.
As the 16-digit card number, name, and expiration date do not need to be entered again, this method will also make checkouts go more quickly. As an added measure of security, CVV and OTP authentication will still be used.
Instructions from RBI:
All payment aggregators, wallets, and online retailers have been ordered by the RBI not to hold crucial card information. As a result, "token" can be used in place of the card numbers.
A unique token for each card:
Every card saved on each merchant will have a unique token connected with it.
Not a mandatory process:
The decision to tokenise a customer's card is entirely up to them. For a customer, it is not mandatory to tokenise his or her card.
No limit on the number of cards:
There is no limit on the number of cards that one can request for tokenisation. A person can request the tokenisation of any number of cards to perform a transaction.
The deadline for the tokenisation rules was originally set for July 1, but it was extended forward to September 30. The majority of big retailers have already complied with the card-on-file tokenisation rules set forth by the RBI.