RBI extends deadline for tokenisation of debit and credit cards

Reserve Bank of India (RBI) has extended the timeline for tokenisation of debit and credit cards by three months. Tokenisation can now be done till September 30, 2022.

Key Points

  • This decision was taken in consultation with stakeholders, in order to avoid disruption and inconvenience to cardholders.
  • Earlier, June 30, 2022 was the last date for card tokenisation.
  • Under the framework, RBI has directed cardholders to create “tokens” using card details. These tokens can be stored by merchants to process transactions in the future.
  • Thereby, CoFT obviates the need to store card details with merchants and provides the same level of convenience to cardholders
  • As of now, around 19.5 crore tokens have been created.

Benefits of extension

According to RBI, extended time period can be utilised by the industry:

  • To facilitate stakeholders to be ready for handling tokenised transactions.
  • To process transactions on the basis of tokens.
  • To implement an alternate mechanism for handling all post-transaction activities.
  • To create public awareness on process of creating tokens and using them for undertaking transactions.

Present Scenario

Currently, many entities involved in online card transaction chain store card data such as expiry date, card number, stating convenience of cardholder to undertake transactions in the future. But this practice was risker as data can be stolen or misused. There have been several stances, where stored data by merchants or other entities have been compromised.

Why was this step taken?

As per RBI, many jurisdictions do not make Additional Factor of Authentication (AFA) mandatory, for authenticating card transactions. Thus, stolen data in fraudsters hands, could lead to unauthorised transactions and monetary loss to cardholders. Thus, in December 2021, RBI mandated entities other than card issuers and card networks to not store debit or credit card data with them. Thus, RBI issued a framework for CoF Tokenisation (CoFT) services.

Alternatives to Token

For people who do not wish to create a token, can continue to transact as earlier, by entering card details manually, at the time of transaction. This transaction is termed as “guest checkout transaction”.




Latest E-Books