Explained: New credit and debit card rules for online payment starting next month

June will be a remarkable month for debit and credit card holders as the Reserve Bank of India (RBI) has legislated the introduction of tokenization of card transactions, with a deadline of June 30, 2022. Tokenization concerns replacing existing card details. with a unique code called a token, and the implementation of a tokenization request is done through an additional authentication factor (AFA) by the cardholder. This RBI decision will secure your credit card credentials. If you opt into the tokenization system until the end of June and fail to do the necessary, you will have to manually enter your card details each time you make digital transactions from July onwards. .

What is card tokenization?

Transactions made via tokenized cards will be a security measure to combat fraud, as the actual card details will be replaced with a token when sharing the card details with the merchant during a transaction. This token will be unique for each card and also for the token requester and the merchant during digital transactions from July. What ICICI Bank says about the card tokenization system is “Tokenization refers to the replacement of the real or clear card number with an alternative code called a “Token”. This must be unique for a combination of card, applicant token (i.e. the entity that accepts the customer’s request for the tokenization of a card and forwards it to the card network to issue a corresponding token) and the merchant (the token requester and the merchant may or may not be the same entity).”

How will card tokenization protect your card details from fraudsters?

Before the card tokenization system, cardholders followed a trend in which they registered their card details over the internet on the merchant’s website. This approach saves cardholders time as they won’t have to manually enter card details for future transactions. This has led many fraudsters to steal card credentials and become a victim of the cardholder by losing money from the account. To combat fraudsters and escalating card scams, the RBI has implemented Tokenization – Card Transactions, in which confidential card details are not shared with anyone and are no longer stored on the internet.

Regarding the safety and security of the card tokenization system, ICICI Bank states, “The actual card data, token and other relevant details are stored in secure mode by authorized card networks. The token requester cannot store the Master Account Number (PAN), i.e. card number or any other card details. Card networks are also mandated to get the token applicant certified for safety and security that conforms to international best practices/globally accepted standards.”

Benefits of card tokenization

To continue, card tokenization is not necessary; a customer can either choose to have their card tokenized, and if not, they must enter full card details each time to transact online until the end of June , meaning it can store card details further to complete transactions. A token will be unique for a single card at a specific merchant, which will undoubtedly increase card security, and card tokenization should be applied by each cardholder considering the risk of theft. Card tokenization is free and a cardholder can use any of their cards authorized by the token requester to complete any transaction.

Once the card has been tokenized on the merchant portal, the customer can only see the last four digits of the card, and if the card is replaced, renewed, reissued or upgraded, the cardholder will need to create at again a token in order to visit the merchant site. For cardholders using multiple cards, ICICI Bank clarified that the “Bank will provide a portal for cardholders to view and manage token cards. Cardholders can view/delete tokens for respective cards through this portal. Customers can also call Phone Banking to apply for token card management.” In terms of card security and token card management, opting to move before the deadline will not hinder you from using your card securely each time you use it for an online transaction and will also prevent your card details from being used in the wrong hand.

How can card tokenization be implemented?

Tokenization can only be done by recognized card networks such as Visa/Mastercard/American Express/Rupay, as well as issuing banks. The cardholder can obtain card tokenization by initiating a solicitation on the merchant portal, which accepts customer requests for card tokenization and effectively forwards the request to the issuing bank or card network. Your token will be issued promptly with the approval of your card-issuing bank, in accordance with the card, the token requester and the merchant, after which you can successfully conduct domestic credit or debit card transactions at the using your token card. For the registration of a tokenization request, ICICI Bank states: “The registration of a tokenization request is done only with the explicit consent of the customer via an additional authentication factor (AFA), and not by means of ‘a forced/default/automatic selection of checkboxes, radio buttons, etc.’

To subscribe to Mint Bulletins

* Enter a valid email

* Thank you for subscribing to our newsletter.