What is RBI’s Card Tokenisation Rule?

Reserve Bank of India (RBI) recently extended the deadline for complying with the card information storage rules by another six months.

Key Facts

  • Deadline was extended because merchants and payments companies expressed their inability to comply with the December 31 deadline.
  • RBI took this decision as industry bodies had requested the central bank to extend the deadline from December 31 highlighting multiple challenges in implementing new guideline.
  • Furthermore, merchants and banks were not prepared to switch to new system in specified time.

What are RBI’s guidelines on Tokenisation?

  • RBI had issued new guidelines in September 2021. Under the guidelines, merchants will not be able to store customers’ card data in their servers.
  • It prohibited merchants from storing customer card details as well as mandated for the adoption of card-on-file (CoF) tokenisation as an alternative to card storage.
  • The new rule was to be implemented from January 1, 2022.
  • As per RBI’s new directive on tokenisation, customer has to enter full card details each time to make payments online.

What is Tokenisation?

Tokenisation means replacement of actual card details with an alternate code dubbed as “token”. The token will be unique for a combination of card, token requestor and device. This token us used to do card transactions in contactless mode at point-of-sale terminals, code payments and quick response.

What is Card-on-File (CoF)?

In CoF transaction, cardholder authorises a merchant to store his/her Mastercard or Visa payment details. The cardholder then authorises same merchant to bill the stored Mastercard or Visa account.




Latest E-Books