To preserve consumer security, the RBI established tokenisation rules last year, which effectively prevented retailers from retaining client card data on their systems. The implementation of card-on-file (CoF) tokenisation for domestic internet purchases was mandated by the central bank. To allow a seamless transition from the existing situation, the timeframe for nationwide implementation of card tokenisation has been extended by six months, from January 1 to July 1 2022.
The new law prohibits online businesses from storing your card data, and only your bank and card provider will have access to it. Under this scheme, a cardholder can have his or her card tokenized by making a request using the token requestor’s app. The token requestor will pass the request to the card network, which will issue a token corresponding to the combination of the card, the token requestor, and the device with the agreement of the card issuer.
This implies that when you begin purchasing an item from a merchant, the seller will begin tokenisation. It will request for permission to tokenize your card. Following your approval, the merchant will send a tokenisation request to the card network. The card network will then generate a token that will serve as a proxy for your 16-digit card number and return it to the retailer. This token will be saved by the merchant for future transactions. To approve the transaction, you will also need to input your CVV and OTP. If you wish to use another card, you must repeat the process.
This procedure, however, is optional, and a consumer can select whether or not to have his or her card tokenised. In that instance, the buyer will have to re-enter all card information when making an online purchase.
Discussion about this post