The Reserve Bank of India announced changes to online payment rules in 2020. In September of this year, it gave online merchants until the end of the year to start implementing tokenization. As a result, the banks informed their customers.
With the increase in digital penetration in the country, more and more people use online payments to order food, stores or reservation taxis.To provide greater security for people and secure online payments, the Reserve Bank of India (RBI) has asked all merchants and payment gateways to remove sensitive customer details and registered debit and credit cards.
The new rules will take effect on January 1. What does it mean? After ordering from the RBI, merchants and payment gateways will need to delete all information stored on their servers. This means that a user will need to enter their full card details to make payments on merchant sites. Banks have started to inform their customers about the changes taking place. One of the major HDFC private banks has sent text messages to its customers who will need to enter their full card details or opt for tokenization.
In the current system, transaction execution is based on the correct values of the 16-digit card number, card expiration date, CVV, and one-time password or OTP (in some cases also the PIN code of the transaction). Tokenization consists of replacing the actual card number with an alternative code, called “tokens”.
It is unique for a combination of card, token requester (i.e. the subject who accepts the client’s request to tokenize a card and forwards it to the network card to issue a corresponding token) and device ( hereinafter referred to as “identified device”). How is tokenization more secure? According to RBI, a tokenized card transaction is considered more secure because card details are not shared with the merchant while the transaction is being processed.
He further stated that the actual card data, token and other relevant details are securely stored by authorized card networks. The token requester cannot store the Master Account Number (PAN) i.e. card number or other card details.
Card networks are also required to obtain Security and Safety Token Applicant Certification in accordance with international best practice / globally accepted standards. The central bank also said that converting the token into actual card details is known as detokenization.
He added that the needs of the customer will not pay any fees to take advantage of this service. What will change from January 1? From January, when you make your first payment to a merchant, you will have to give them your agreement with an additional authentication factor (AFA). Once done, you will complete the payment by typing in your card’s CVV and OTP.