Tokenisation : Debit card, Credit card rules from 1st July

Come July 1, merchants, payment aggregators, payment gateways and acquiring banks can no longer store the card details of customers. Businesses and other entities that have stored any such data will have to purge them and apply tokenization. All debit and credit card holders must take a note. The Reserve Bank of India (RBI) has legislated the introduction of tokenisation of card transactions. Accordingly it has a deadline of June 30, 2022.

What is tokenisation of debit, credit cards?

• Under tokenisation services, a unique alternate code is generated to facilitate transactions through cards. 
• It is the process of substituting a 16 digit customer card number. It is replaced with a non-sensitive equivalent value, referred to as a token. 
• This essentially means that a customer’s card information will no longer be available on any Merchant. Payment Gateway, or 3rd party that helps in the processing of digital transactions today.
• In addition to card tokenisation, consumers no longer need to fear saving their card details. 
• Cardholders will have to give an explicit consent that will be collected for tokenisation

Why tokenized card transaction is considered to be safer

A tokenized card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing. For transaction tracking and reconciliation purposes, entities can store the last four digits of the card number and the card issuer’s name. The customer’s consent and OTP-based authentication are required for creating a token.

Card tokenisation deadline 

The first RBI deadline to tokenize the card details was June 30, 2021. But at the request of merchants and payment aggregators, as well as card companies and banks, it was extended to December 31, 2021. Accordingly the deadline was again extended by six months. The deadline for credit, debit card tokenisation is June 30, 2022