The deadline was extended several times over the past two years at the request of stakeholders and most recently to three months starting from July so that the additional time period was used by the industry to prepare all stakeholders to handle token transactions. can be done for
On 30 September, RBI said that around 35 crore cards have been tokenized and the system is ready for the new norms which will be in place from 1 October. According to the data shared, the number of tokenized cards had increased from 195 million tokens created in June. First by RBI. The extension was also given to create public awareness about the process of creating tokens and using them to transact.
Currently, many entities, including merchants, are involved in an online card transaction chain store card data such as card number, expiration date, etc. [Card-on-File (CoF)] Referring to the convenience and comfort of the cardholder for making future transactions.
While this practice provides convenience, the availability of card details with multiple entities increases the risk of card data being stolen or misused and there are instances where such data stored by merchants has been compromised.
“Given the fact that many jurisdictions do not mandate additional factor of authentication (AFA) to authenticate card transactions, stolen data in the hands of fraudsters could result in unauthorized transactions and cause monetary loss to cardholders. Even within India, social engineering techniques can be employed to carry out frauds using such data,” RBI had said earlier.
In response, the RBI initially mandated that after December 31, 2021, card networks and entities other than card issuers cannot store card data.
What is tokenization?
According to RBI, tokenization refers to the replacement of the actual card details with an alternate code called “token”.
Following are some of the frequently asked questions regarding card tokenization:
What is the advantage of tokenization? A tokenized card transaction is considered secure as the actual card details are not shared with the merchant during the processing of the transaction.
How can tokenization be done?
– The Cardholder can get the Token to the Card by initiating the request on the App provided by the Token Requester. The token requester will forward the request to the card network, which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, token requester and device.
Who can do tokenization?
Tokenization can only be done through authorized card networks and the list of authorized entities is available on the RBI website.
What are the charges that the customer will have to pay for availing this service?
There is no charge to the customer for availing this service.
What are the use cases (examples/scenarios) for which tokens are allowed?
Tokens through mobile phones and/or tablets have been permitted for all use cases/channels (eg, contactless card transactions, payments through QR codes, apps, etc.).
Is the card token mandatory for the customer?
No, the customer can choose whether to tokenize his card or not. Those who do not wish to generate tokens can continue to transact as before by entering the card details manually while transacting.