The Reserve Bank of India (RBI) has, via notification, introduced a new tokenisation rule intended to make online payments safer and more secure. The RBI has mandated that from 1st January, 2022 onwards no entity involved in card transactions or forming part of the payment chain, other than card issuers and card networks, shall store actual card data. Further, any such card data already stored by these prohibited entities shall be deleted by them.
The entities that have been barred from keeping this sensitive data have been asked to erase their customers' credit card and debit card data from their end. Instead, they have been asked to use encrypted tokens to carry out transactions from 1st January 2022 onwards.
Now these entities have started informing their customers that their saved card details have been deleted and from 1st January 2022 onwards the customers will either have to:
The conversion of card data into a cryptic token shall be done only after taking the voluntary consent of the customer and would require an Additional Factor of Authentication (AFA).
This is not a hasty step taken by the RBI. The RBI had issued guidelines in March 2020 asking merchants not to store the card data of their customers on their websites and apps. Fresh guidelines were issued in September 2021, giving these entities an ultimatum to delete the sensitive card information of their users by the end of 2021 and to comply with the scheme of tokenisation as an alternative.
Tokenisation is the process of converting the card details of the customer into an alternate code that will be unique for every cardholder, the device used and the token requestor. So from 1st January 2022 onwards the customer will either have to fill in the full 16 digit card number with expiry date and CVV or avail the secondary option of a token.
Every time a card holder wishes to make a transaction using his/her card, the merchant will initiate the process of tokenisation, wherein explicit consent will be sought from the card holder to tokenise the card. If the card holder accepts the request to tokenise the card, the merchant will direct the acceptance to the card network, which in turn will create a token for the card and send it as a proxy to the merchant for completing the transaction.
It must be noted that one token is unique to one card and one merchant only. So every time a transaction is made to another merchant or while using a different card, the process of tokenisation shall begin afresh.
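The flow described above can be modelled in a few lines. This is an added illustration, not code from the RBI or any card network: the class and function names, the random-surrogate token format and the rule that a token is rejected when presented by a different merchant or device are assumptions made for the sketch.

```python
import secrets

class CardNetworkTokenService:
    """Toy model of the card network's token service (all names hypothetical)."""

    def __init__(self):
        self._token_for = {}   # (card, merchant, device) -> token
        self._binding_of = {}  # token -> (card, merchant, device)

    def tokenise(self, card_number, merchant_id, device_id, consent, afa_passed):
        # The article: tokenisation needs the cardholder's consent and AFA.
        if not (consent and afa_passed):
            raise PermissionError("cardholder consent and AFA are required")
        binding = (card_number, merchant_id, device_id)
        if binding not in self._token_for:
            # Assumption: the token is a random surrogate, so it cannot be
            # reversed to the card number without this service's mapping.
            token = secrets.token_hex(8)
            self._token_for[binding] = token
            self._binding_of[token] = binding
        return self._token_for[binding]

    def resolve(self, token, merchant_id, device_id):
        # Only the network maps a token back to the card, and only for the
        # merchant and device the token was issued to.
        binding = self._binding_of.get(token)
        if binding is None or binding[1:] != (merchant_id, device_id):
            raise PermissionError("token not valid for this merchant/device")
        return binding[0]

def demo():
    network = CardNetworkTokenService()
    card = "4111111111111111"  # constructed test number, not a real card
    t_shop_a = network.tokenise(card, "shop-a", "phone-1", True, True)
    t_shop_b = network.tokenise(card, "shop-b", "phone-1", True, True)
    merchant_a_db = {"customer-42": t_shop_a}  # merchant keeps the token only
    try:
        network.resolve(t_shop_a, "shop-b", "phone-1")  # token used elsewhere
        reuse_blocked = False
    except PermissionError:
        reuse_blocked = True
    return {
        "tokens_differ": t_shop_a != t_shop_b,
        "card_in_merchant_db": card in merchant_a_db.values(),
        "reuse_blocked": reuse_blocked,
        "resolved": network.resolve(t_shop_a, "shop-a", "phone-1"),
    }

if __name__ == "__main__":
    print(demo())
```

A leak of the merchant's database in this model exposes only tokens, each of which is useless outside the merchant and device it was issued for.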
With the increasing number of e-commerce websites and apps cropping up, customers are taking the online route to make payments. The merchant sites where customers place their orders usually store card details and other sensitive information in their databases so that customers can place further orders in the future with ease. Storing this data lets customers place orders quickly without the need to type in the 16 digit long code and other relevant details at every transaction they make.
However, this process is fraught with dangers such as leakage of the sensitive information of the consumers. In order to protect that information, the RBI has come up with guidelines which mandate merchants to delete the customers' card information already stored with them. The RBI also provides a scheme of tokenisation which will convert the card number into a token, a unique cryptic code, as a measure of safety for every transaction made via cards. The merchants will no longer be able to get hold of the actual information of the customers, which is meant to prevent cases of financial fraud.
Tokenisation converts the card details into an encrypted code, which reduces to a great extent the chances of data leakage and so curtails the consequent risk of fraud.
The current system of making online transactions involves using the 16 digit number along with the card expiry date, CVV number and One Time Password to complete the payment. These details are submitted to the merchant database every time a transaction is made.
Many websites and apps force their customers to submit their card details while making online payments. Submitting card details to a number of merchants at multiple websites and apps exposes the card holder to the risk of leakage of sensitive card information.
There have been many instances in the recent past where card information stored with merchants has leaked on the dark web and other platforms. Data leakage can have irreparable consequences because many banking jurisdictions do not ask for an Additional Factor of Authentication while making card transactions. This has increased the chances of financial frauds and other crimes.
Concerns have been raised by both sets of stakeholders. Card holders are worried that they will have to remember their 16 digit number, which will be difficult for them to type in every time they enter into a transaction. Merchants are concerned that their revenue will suffer because the customer experience will be ruined by a complicated process of typing in hard to remember card numbers. However, the RBI has assured all of them that none of their concerns hold merit. The RBI claims that card holders are not required to remember their 16 digit code every time they make online transactions because of the convenience provided by the tokenisation rule. All that the customer needs to do is enter the token and complete a simple AFA process to go through the transaction process.
Prabhat has done his BA LLB (Hons) and has been writing research papers since his law school days. His interest in content writing made him pursue a career in legal research and content writing. His core areas of interest are indirect taxes, finance and real estate.