The Reserve Bank of India (RBI) has again extended the deadline for debit and credit card token rules till September 30. Under the new rule, users will have to delete the credit or debit card data and replace it with a ‘token’.
The Reserve Bank of India (RBI) has again extended the deadline for debit and credit card token rules till September 30. RBI said that many people have not been able to link their debit and credit cards with the token system, due to which the time limit has been extended. Under the new rule, online users will have to delete any credit or debit card data collected on their platform and replace it with a ‘token’.
What is token and how to get it?
The tokenization system replaces the debit and credit card details with an alternate code called ‘token’. This helps keep your card information hidden to the device. According to RBI, an individual can “tokenize the card by requesting it on the app provided by the token bank or entity. The Reserve Bank said that the cardholder does not have to pay any fee and this process is not mandatory.
Having the token allows the token to be saved instead of saving your card information on any shopping website or e-commerce website. This token will be only for that particular merchant and that particular device which will be allowed to tokenize. No third person can use it. Note that tokenization is limited to mobile phones and tablets. This process cannot be done through a smartwatch or other device. Also, tokenization and de-tokenization (transfer of tokens to the actual card details) can only be done by authorized card networks.
Why did RBI issue new rules?
The RBI said that tokenized card transactions are considered secure, as the actual card details are not shared with the merchant during the transaction. With this , the website does not have to give information about credit card and debit card information like card number, CVV number, name etc., only token makes your work easy.
On the other hand, if you do not intend to make purchases on any site later or renew the recurring payment linked to your account, you may delete the associated token. Also, if the card is changed, you will have to expressly consent to associating it with the merchants with whom you previously registered the card.
What if a device with a ‘token’ identification is lost or stolen?
According to RBI, all complaints should be made to the card issuers. Card issuers will ensure easy access for customers to report loss of ‘identified device’ or any other event that may expose the token for unauthorized use.”
Are there any risks?
Though the Reserve Bank said the new process is “safe”, it may involve some “other security risks”. According to BankBazaar.com, with card tokenization, sensitive card data is linked with the token and no actual data is shared anywhere other than the issuer, the card network and the customer. In such a situation, its use is considered risk free.