New rules protecting debit and credit card customers from cyber fraud and data theft came into effect from today (October 1).
This comes after the Reserve Bank of India (RBI) mandated the adoption of card-on-file (CoF) tokenization for domestic online shopping.
At the end of June, the RBI had extended the Card-on-File (CoF) tokenization deadline to September 30 based on various representations received from stakeholders. The first deadline was June 30.
Stakeholders had issues related to the implementation of the framework with respect to customer payment transactions, among others. They also said that a number of transactions processed using tokens have yet to gain traction across all merchant categories.
But what are the new changes? What is card tokenization? Let’s take a closer look
According to the Reserve Bank of India (RBI), tokenization refers to the replacement of the actual card details with an alternative code called a “token”, which must be unique for a combination of card, token applicant and device.
A tokenized card transaction is considered more secure because the actual card details are not shared with the merchant while the transaction is being processed.
According to the RBI, only banks and networks will be allowed to store customer card data from September 30.
What does this mean for customers?
This means there will be an extra layer of security for debit and credit card holders.
Websites like Amazon, Flipkart, Paytm will no longer have card detail details on file.
Follow these steps to tokenize a card:
- Access any frequently used online website or mobile app to buy food, groceries or clothes
- Initiate a transaction
- On the payment page, select the option to pay by credit card or debit card. Enter CVV
- Click “secure your card” or “register card per RBI guidelines”
- Enter the OTP received on your registered mobile number
- The credit or debit card is now successfully tokenized and secure
- On your next visit to the site, only the last four digits of your card will be displayed
Is tokenization mandatory?
It is important to note that tokenization is not mandatory.
It is also free.
However, consumers who do not tokenize their cards will need to enter all of their card details when making purchases.
Experts welcomed this decision.
Gaurav Kapoor, Director and Co-Founder, Fincorpit Consulting said Mint, “This decision by RBI to make tokenization mandatory for merchants is a step forward in controlling the threat of cyberattacks.”
Rama Mohan Rao Amara, MD and CEO, SBI Cards and Payment Services (SBI Card) said PTI“This is a very good measure in terms of protecting consumer interests and guaranteeing against any data leaks.”
OTP, credit limit, interest charges
Three other major changes have also taken place.
According India time, credit card issuers must obtain consent based on a one-time password (OTP) if a cardholder has not activated their card for more than 30 days from the date of issue. If a consumer declines card activation, the issuer must cancel the credit card free of charge within seven business days, according to the report.
In the meantime, the Center has made card issuers responsible for ensuring that the credit limit is transmitted and approved by the consumer and that the limit is never exceeded without the cardholder’s written authorization.
The RBI circular also states that “Terms of payment of credit card charges, including minimum amount due, should be stipulated in such a way as to ensure that there is no negative amortization. An illustration is appended. Unpaid fees/levies/taxes will not be capitalized for invoicing/composition of interest. »
With contributions from agencies