Thanks to the Reserve Bank of India, now consumers will not have to remember their debit and credit card details all the time.
The RBI regulation prohibiting merchants from storing card data takes effect on January 1, 2022.
With the RBI’s approval of card-on-file tokenisation, quick checkouts may continue.
But what is tokenisation?
Under tokenisation – a unique code will be generated for individual users. This service will help protect the security of card data. Customers can now request their banks to give tokens to internet merchants instead of their card information. This will help you to make payments in the future without having to enter your credit card information.
What happens under the tokenisation scheme?
Earlier, the RBI had allowed tokenisation for particular devices.
Customers can register their NFC device – a phone or a tablet – with their card-issuing bank. The bank would then send a token tied to the customer’s card number to the app on the device.
So whenever a client uses their phone or tablet to make a tap-to-pay transaction, the bank would first receive the token number. It will then confirm the transaction after recognising the device and the token.
How will it help?
Today, if a breach takes place, hackers will have full card data, which is acceptable for payment in some countries without an OTP.
If a hacker gets hold of a consumer’s token details, payment will not go through as it would not be from the registered device. Also, tokenisation would still need two-factor authentication.
If hackers break into an e-commerce site, all they would get access to are tokens that no one else can use.
What are the RBI’s new guidelines?
RBI has expanded the scope of tokenisation and allowed card issuers to operate as token service providers (TSP). “The device-based tokenisation framework recommended in the January 2019 and August 2021 circulars has now been extended to Card-on-File Tokenisation (CoFT) services as well,” the RBI stated.
Customers may now request their banks to send tokens to e-commerce sites, rather than Payment Apps to get tokens for purchases.
The central bank has reaffirmed that other than card issuers and card networks, no one in the card transaction/payment chain can store card data from January 1.