The Reserve Bank of India (RBI) had issued a circular (dated September 7, 2021) that said that with effect from January 1, 2022 (now revised to June 30, 2022), no entity in the card transaction/payment chain, other than the card issuers and/or card networks, shall store the actual card data. Any such data stored previously shall be purged.
In the current era of increasing digital payment and recent occurrence of data leaks from merchant website, customer card details get compromised. In addition, customers are becoming aware and concerned about safety of their personal details. Therefore, RBI, as a precautionary step, has mandated tokenisation to enhance card data security.
Tokenisation is a process by which the card network generates a unique token at the time of initiation of transaction thereby masking card details to the merchant. The 16-digit number on the card will be replaced by a unique code called “token”, which is unique for each combination of card, token requestor and device. Tokenisation makes the process of accepting payments easier and secure as tokens are worthless to fraudsters. Thus, tokenisation is more than a security technology – it provides smooth transactions and safety to customers against frauds, thus building trust in the minds of customers, which is the need of the hour to induce loyalty. With representation from banks & merchants for extension to comply with card-on-file tokenisation norms, the RBI has extended the deadline to June 30, 2022. Overall, gradual upgradation to tokenisation remains a positive move towards a safer environment. Such a move could be positive for cards; especially credit cards, as it would generate more confidence among customers.