In an official statement, RBI officials have stated that credit and debit card tokenisation will come into effect from July 1, 2022.
The Reserve Bank of India announced the good news for all electronic card holders. The statement says that online merchants will not be able to save customers’ card data starting next month as tokenisation comes into effect.
Earlier, the RBI had disclosed the rules regarding debit and credit card tokenisation. The main highlight was the customer’s card details, which will remain secure through tokenisation. Tokenisation of cards will convert the details of cards into tokens, making it difficult for online merchants to access it. Thus, it is no longer mandatory for the customer to save card details on an online website while paying.
According to the central bank authorities, saving card details in tokens is safer than providing actual details such as the card number, CVV, or the card expiry date.
What Is Tokenisation?
Whenever we shop online, the online shopping app asks us for card details for payment. We tend to differentiate between the safer websites by the enormity of the brand. We trust big tech companies such as Amazon and Flipkart, and don’t hesitate to provide our card details.
What about the websites that are still struggling but can provide the product we need? We are likely to give it a second thought, or drop the plan of buying the product. Moreover, if websites of big tech companies get hacked, there is a huge possibility of our card details getting leaked as well.
The RBI has planned to implement the tokenisation of electronic cards for payment to overcome these possibilities. This will convert the card details into a confidential code called “tokens” that will be unique for every card and pertain to one merchant at a time.
Through this tokenisation, the card details will remain confidential, and will be saved on the website’s server. This will not be accessed by anyone, including the online merchant, ensuring its safety from misuse. Online merchants will be unable to save credit/debit card numbers, CVV, expiry date of cards, and so on, on their servers. However, there will be an option to save the card details or to create a token for each different card at different online portals.
To create the token, the buyer will be asked to select the token option, after which the merchant will initiate the request to your bank or the card networks, and a token will be created. You can further save the tokens for future transactions with that merchant, for the same card.
For Customers Having Multiple Cards
One token number will be fixed to one merchant, but what if you have more than one card? The bank that issues the tokens on different website portals will also provide a dedicated portal that will manage tokenised cards.
This will make it easier for the customer to keep a check on the tokens for different website portals. We can see the tokens and delete them later if we no longer require them.
Other Rules On Credit/debit Cards That Will Come Into Effect From July 1
Other than this, the RBI has laid down many other rules regarding the usage and services of electronic payment cards.
The RBI says that the request to close the credit card will be effective within 7 days. But this is subject to the payment of all the dues pertaining to that card by the cardholder. If the customer fails to do so within 7 days, the penalty imposed is Rs 500 per day.
For all those credit cards that have not been used for a year, the RBI has asked issuers to close them after informing the cardholder. Further, all the remaining credit balance in the credit card will be transferred to the cardholder’s bank account.
Credit cardholders have a one-time opportunity to change their billing cycle according to their convenience. However, if any user receives a credit or debit card without issuing any, the banks or the issuer can face a double penalty.
Additionally, if any transaction fails before payment due date, it will be listed under ‘payment due’. This will be informed to the cardholder separately via SMS.
The RBI also states that the card issuer must take the consent of the cardholder to adjust credit amounts above a cut-off of 1 percent of the credit limit, or Rs 5,000, whichever is lower, resulting from refunds, unsuccessful or reversed transactions, or similar transactions against the credit limit for which the cardholder has already made payment. The issuer can ask for consent through SMS or via email within 7 days.
All the bills must be mailed or messaged to the users. Further, the issuer must ensure that the customer has enough days to repay the amount, before imposing interest on credits.