Debit card and credit card rules concerning online payments
will change from July 1 for customers across India. The development comes as
the Reserve Bank of India is set to implement the credit card and debit card
tokenisation rule whereby online merchants will not be allowed to store
customer data on their servers to protect their privacy. This includes credit
or debit card number, CVV, card expiration date, and other sensitive
information.

The reserve bank mandated the adoption of card-on-file (CoF)
tokenisation applicable to domestic online purchases. The deadline for the
nationwide adoption of card tokenisation was extended by six months from
January 1 to July 1, 2022, to ensure a smooth transfer from the current
situation.

Also Read | New WhatsApp update: All you need to know

What is tokenisation?

By now, you may have received notifications from online
merchants and banks to ‘tokenise’ your cards to smoothly carry out
transactions. According to the RBI website, “Tokenisation refers to the
replacement of actual card details with an alternate code called the “token”,
which shall be unique for a combination of card, token requestor (i.e. the
entity which accepts the request from the customer for tokenisation of a card
and passes it on to the card network to issue a corresponding token) and device
(referred hereafter as “identified device”).”

Also Read | India inflation down by 0.75%: What it means for consumers

How to tokenise your credit card and debit card?

Credit card and debit card tokenisation can be done by
following five simple steps:

1. Visit your preferred online website or mobile application
to purchase items such as food grocery or clothes and then initiate a
transaction.

2. On the check-out page, select the credit card or debit card
payment option. Now provide the CVV details.

3. Click on the “Secure your Card” or “Save Card as per RBI
guidelines”

4. Click on save and enter the OTP received on your registered
mobile number

5. Your credit or debit card is now successfully tokenised and
is secured. Merchants will not be able to access your information anymore.

Also Read | SpaceX fires employees critical of ‘free speech absolutist’ Elon Musk

What if someone does not secure/tokenise their card before
July 1, 2022?

The credit card and debit card tokenisation process is not
mandatory and customers can choose whether or not to let their card tokenised.
If someone has their card details saved at any merchant website/application, it
will be removed automatically and card details will have to be entered each
time while making a transaction.

Also Read | Explained: The impact of bond yields on markets and investors

Credit card and debit card tokenisation: Other important
details

The tokenisation system is totally free of charge and is
not compulsory as well. However, it does not provide a smoother transaction
experience while also securing your data. 

One must note that tokenisation is applicable only for
domestic transactions and not for international online transactions.

Also Read | Explained: Impact of RBI’s repo rate hike on deposits, loans

The registration for a tokenisation request is made only
with explicit customer consent through Additional Factor of Authentication
(AFA), and not through a forced / default / automatic selection of check box,
radio button, etc, as per the RBI. The customer will also be given a choice of
selecting the use case and setting up limits.