After deferring them on two occasions, the RBI’s tokenisation rules are set to be introduced from October 1. Tokenisation refers to phasing out the practice of saving card details and replacing it with an alternative code referred to as token.
The RBI has mandated the adoption of card-on-file (CoF) tokenisation as an alternative to card storage. And it will apply to domestic, online purchases.
This is a mechanism to ensure digital transactions are safe by restraining online merchants from saving the debit and credit card details of customers.
There is no denying the fact that a tokenised card transaction is safe since the actual card details are not shared with the merchant during transaction.
In an interview with MintGenie, Sugandh Saxena – CEO of Fintech Association for Consumer Empowerment (FACE), had once mentioned that tokenisation is absolutely vital to maintain customers' trust in digital financial services.
Prior to the current deadline, the RBI had given the deadline of June 30 to merchants after which the new tokenisation norms were to be implemented. In view of the lack of preparedness, the deadline was deferred by three months until Sep 30.
Before this, these rules were supposed to be rolled out from January 1 after the banking regulator prohibited merchants from storing customer card details on their servers in September 2021.
The industry bodies in past have requested the RBI to defer the deadline to June 30 citing a number of challenges in implementing this new rule.
Resistance remains for merchants
Although the deadline to roll out tokenisation will expire in less than two weeks from now, the resistance to this remains.
Several global service providers such as Netflix, Spotify, Microsoft and Disney Hotstar have raised questions on the feasibility of rendering recurring payments via tokens starting October 1. They have reportedly sought central bank’s intervention through an industry body to ensure that transactions can take place without having to store subscriber card details.
Consequently, the Merchant Payments Alliance of India has informed the banking regulator to solve the issues around recurring payments at the outset before completely phasing out the rule of storing cards.
Merchants say that implementing tokenisation without sufficient preparedness will cause major disruption in recurring payments.
Tokenisation to entail the following:
1. At the time of make a purchase, the merchant will start tokenisation for which it will ask for your consent.
2. Once the consent is given, the merchant can send a request for tokenisation to the card network.
3. The card network will create a token to be sent to the merchant. This token will then act as a proxy to 16-digit card number.
4. The token will be saved by merchant for any transaction going forward.
5. Even after tokenisation, you will need to enter CVV and OTP just as earlier to validate the transaction.
6. If you want to use some other debit card, the same process will have to be repeated.
