Change in debit/credit card rules from October 1
RBI’s tokenisation norms will be effective from October 1. Earlier the deadline for completing tokenisation was July 1, however it has been extended till September 30. Users are being notified by banks and online merchants to tokenise their cards. According to the new rules, the user’s actual card details will be saved in the form of an encrypted token. The token shall be generated as a unique combination of the debit/credit card , token requestor and the device. However, tokens generated will only be applicable for that particular merchant and the device on which it has been issued.
RBI aims to use tokenisation to improve user experience and avoid any fraudulent online transactions as once tokenisation is completed, the payment aggregators, online portals and wallets shall no longer be able to access the user’s details like the card number, CVV or expiry date. For tokenisation, card holders can initiate a request on the app provided by the token requestors.
Although tokenisation is not mandatory, it is ideal because it shall ensure that all the transactions that are carried out through payment aggregators, wallets and online platforms are secure. In addition to the security that tokenisation brings, it will also help users to save their time while transacting online – as they would not be required to re-enter their personal information while carrying out online transactions.