Tokenisation norms by RBI
Date: 27 December 2021 Tags: Monetary Policy & RBIIssue
The RBI has decided to extend the implementation of card-on-file (CoF) tokenisation norms by six months to June 30, 2022.
Background
Payment gateways, merchants and e-commerce companies will have to follow RBI directions and implement the tokenisation norms.
Details
-
The RBI has directed that all merchants and e-commerce firms should delete sensitive data of the customer relating to their card details.
-
Currently, commerce companies and airlines and supermarket chains store card details of their customers. They will have to delete such data.
-
Ahead of the supposed changes, banks and payment merchants have been informing their customers through SMS and emails.
Tokenisation
-
Tokenisation refers to replacement of actual credit and debit card details with an alternate code called the “token”.
-
The token will be unique for a combination of card, token requestor and device. They will vary from transaction to transaction.
The rules
-
Online players will have to delete any credit and debit card information stored on their platforms and replace them with token.
-
Customers who do not have the tokenisation facility will have to key in their name, 16-digit card number and also their CVV number.
Reasons for postponement
-
Merchants say that their backend systems are not yet ready to adopt the new regime and have sought further time.
-
Some banks have also asked RBI for extending the deadline as they do not possess the technology to implement the rules.
Benefits
A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing. This reduces chances of fraud.
Concerns
-
Entering card number, expiry date and CVV will be cumbersome exercise and may impact transaction value.
-
Online merchants may lose up to 20-40% of their revenues due to tokenisation norms if hurriedly implemented.