Current Affairs

Issue

The RBI has decided to extend the implementation of card-on-file (CoF) tokenisation norms by six months to June 30, 2022.

 

Background

Payment gateways, merchants and e-commerce companies will have to follow RBI directions and implement the tokenisation norms.

 

Details

• The RBI has directed that all merchants and e-commerce firms should delete sensitive data of the customer relating to their card details.

• Currently, commerce companies and airlines and supermarket chains store card details of their customers. They will have to delete such data.

• Ahead of the supposed changes, banks and payment merchants have been informing their customers through SMS and emails.

 

Tokenisation

• Tokenisation refers to replacement of actual credit and debit card details with an alternate code called the “token”.

• The token will be unique for a combination of card, token requestor and device. They will vary from transaction to transaction.

 

The rules

• Online players will have to delete any credit and debit card information stored on their platforms and replace them with token.

• Customers who do not have the tokenisation facility will have to key in their name, 16-digit card number and also their CVV number.

 

Reasons for postponement

• Merchants say that their backend systems are not yet ready to adopt the new regime and have sought further time.

• Some banks have also asked RBI for extending the deadline as they do not possess the technology to implement the rules.

 

Benefits

A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing. This reduces chances of fraud.

 

Concerns

• Entering card number, expiry date and CVV will be cumbersome exercise and may impact transaction value.

• Online merchants may lose up to 20-40% of their revenues due to tokenisation norms if hurriedly implemented.