New Delhi: From July 1, payment gateways, merchants, payment aggregators and acquiring banks will not be able to store customer card details as the Reserve Bank of India (RBI) announced the introduction of tokenization card transactions.
This means that companies and other entities that have stored such data will have to delete it. The central bank has mandated the introduction of tokenization with a deadline of June 30, 2022.
The RBI defines it as a replacement of the actual card details with an alternative code called the “token”, which must be unique for a combination of card, token requester (i.e. the entity accepting the customer’s request for tokenization of a card and enters the network of the card to issue a corresponding token) and device (hereinafter referred to as “identified device”).
A person performing digital transactions must have noticed that websites and apps provide options to a user’s card details. However, as of July 1, 2022, they can no longer record/store customer card numbers, CVV and expiration date, or any other sensitive card information.
Securing/tokenizing a card means replacing the actual or clear card number with another code called a “token” on online websites/apps. You will not need to pay any fees to avail this service.
Why secure/tokenize the card?
A secure/tokenized card transaction is safer because the actual card details are not shared/stored with merchants to complete the transaction.
Step 1 – Visit your favorite online app/website to buy groceries, pay bills or order food and initiate a transaction
Step 2 – On the payment page, select HDFC Bank Credit/Debit Card and provide CVV
Step 3 – Check ‘Secure your card’ or ‘Register card in accordance with RBI guidelines’
Step 4 – Enter the OTP received on your registered mobile number
Step 5 – Your card details are now secure.
What happens if someone doesn’t secure/tokenize their card by July 1, 2022?
If someone has saved their card details on a merchant website or app, it will be deleted and the full card details will need to be entered each time during a transaction.
Users should note that tokenization only applies to domestic transactions and not international online transactions.
Although it is advisable and in accordance with RBI’s mandate to secure the card, a person can choose not to have their card tokenized.
Is there a limit to the number of cards that can be secured/tokenized?