New Delhi: To ensure that consumers are protected from fraud and their card transactions are secure, the Reserve Bank of India (RBI) on Tuesday tightened rules on card token services and refused to extend the agreed deadline for card tokens. done. The January 1, 2022 deadline, effectively eliminates single-click payments but still allows users to avoid typing their card information for each transaction.
“With effect from January 1, 2022, no entity in the card transaction/payment chain other than the card issuer and/or the card network shall store the original card data,” the apex bank said in a statement. Such data stored earlier will be purged.”
Read also | LIC IPO: Center expects up to 20% foreign institutional investment, says report
Non-cash transactions streamline operations and save time and effort, but they can expose you to fraud. In online transactions, tokenization is used to replace the actual card details entered with random digits.
RBI, on the other hand, has expanded a service that allows users to avoid entering 16-digit card numbers and other personal information when using the service.
According to an RBI statement, the device-based tokenization framework recommended in the RBI circulars dated January 2019 and August 2021 has now been extended to card-on-fitness tokenization (COFT) services.
Card-on-File refers to the card information saved by payment gateways and merchants to fulfill future purchases.
Read also | 7th Pay Commission: Gujarat hikes DA of state government employees by 11%
RBI said in a statement, “…Card issuers are permitted to offer card token services as token service providers. Tokenization of card data shall be done with explicit customer consent, for which authentication is required. Additional Factors (AFA) will be required.”
Since merchants will not be able to save card details (except for source banks and card issuers such as RuPay, Visa and MasterCard), card details will not leak as the merchant’s database will contain random numbers instead of card details.
.