Alert! RBI card tokenisation rule starts Oct 1; know how to do it on your debit, credit card

Your online transactions, like making payments for shopping, will be changing from tomorrow, October 1, 2022. While making online payments, you must have noticed that your debit card and credit card details get saved by many organisations. They retain card details like card number, expiration date, and more. Though saving these details makes your payment making process easier, it also raises the risk of card information being misused or stolen. In order to curb online fraud, the Reserve Bank of India (RBI) has asked all merchants and payment gateways to remove customer details of debit card and credit card that are saved on their end as the card tokenisation rule will come into effect.

Under the card tokenisation rule, a unique code called token will be assigned to every credit card, on each website, merchant or payment gateway. The token will be generated one time for every website or app or platform where you will be using the card. "Tokenisation refers to replacement of actual card details with an alternate code called the “token”, which shall be unique for a combination of card, token requestor (i.e. the entity which accepts request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token) and device (referred hereafter as “identified device”), informed RBI.

Here is all you need to know about the RBI card tokenisation rule:

1. A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing.

2. According to RBI, tokenisation has been allowed through mobile phones and / or tablets for all use cases / channels like- contactless card transactions, payments through QR codes, apps, among others.

3. The feature of tokenisation is available on consumer devices like mobile phones, tablets, laptops, desktops, wearables (wrist watches, bands, etc.), Internet of Things (IoT) devices, and more.

4. In order to avail the card tokenisation service, you will not have to pay any charges. That is, it is free of cost.

5. The card holder can get the card tokenised by initiating a request on the app provided by the token requestor. The token requestor will then forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device.

6. The registration for a tokenisation request is done only with explicit customer consent through Additional Factor of Authentication (AFA), and not by way of a forced / default / automatic selection of check box, radio button, etc. Customers will also be given the choice of selecting the use case and setting-up of limits, according to RBI.

7. Those who do not like the process, there is relief too. Tokenisation of cards is not mandatory. If you do not opt for the service, you will have to manually enter the card information to get the transaction done.