The Reserve Bank of India (RBI) extended the deadline for tokenisation of debit and credit cards to September 30, 2022, from the earlier deadline of June 30.
“The industry stakeholders have highlighted some issues related to implementation of the framework in respect of guest checkout transactions. Also, number of transactions processed using tokens is yet to gain traction across all categories of merchants. These issues are being dealt with in consultation with the stakeholders, and to avoid disruption and inconvenience to cardholders, the Reserve Bank has today announced extension of the said timeline of June 30, 2022 by three more months, i.e., to September 30, 2022. This extended time period may be utilised by the industry for, (a) facilitating all stakeholders to be ready for handling tokenised transactions; (b) processing transactions based on tokens; (c) implementing an alternate mechanism(s) to handle all post-transaction activities (including chargeback handling and settlement) related to guest checkout transactions, that currently involve /require storage of CoF data by entities other than card issuers and card networks; and (d) creating public awareness about the process of creating tokens and using them to undertake transactions,” RBI said in a notification issued on June 24, 2022.
Till date, about 19.5 crore tokens have been created. Opting for CoFT (i.e., creating tokens) is voluntary for the cardholders. Those who do not wish to create a token can continue to transact as before by entering card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transaction”).
Here some important FAQs as per Card website.
1. What is Tokenisation?
Tokenization is the process of replacing a card’s 16-digit number on the plastic card with a unique alternate card number, or ‘Token’ which shall be unique for a combination of card, token requestor and device. Tokens can be used for online transactions, mobile point-of-sale transactions or in-app transactions. This token contains no personal information that can be directly accessed and keeps changing making it the most secure method to complete payments.
2. What is the RBI’s new tokenisation guideline?
RBI has directed the payment aggregators, wallets and online merchants (entities in card transaction/payment chain other than card issuers/card networks) not to store any sensitive card related customer information including full card details. Hence, the card numbers can be replaced with ‘token’ as mentioned above. This RBI mandate would come into effect from October 1, 2022. Please be assured that this will not hamper your credit card experience but will make your credit card transactions more secure.
3. What happens to my saved cards from October 1, 2022?
As the card details will not be saved from October 1, 2022 you will need to tokenize your card on the corresponding Merchant website or app. You can then continue to make payments without entering your card details again on that Merchant if you have generated a token. If you do not tokenize your card, then you would have to manually enter your full card details for making transactions.
4. How would tokens be used by online Merchants?
This token will be used instead of your card details for all the online payments you make on the merchants.
5. What is the benefit of tokenisation?
A tokenized card transaction is considered safer as the actual card details are not shared / stored with the merchants to perform the transaction.
6. How do I tokenize my card with online Merchant?
You should follow the instructions specified by the online Merchant and follow the registration and verification flow in order to register for tokenisation and store the token with the online Merchant. Generally, the process would entail filing your card details, followed by verification via OTP and then a token will be generated associated with your card. This token will be saved by the online Merchant.
7. What happens if I do not tokenize my card?
If you do not choose to tokenize your card then you will have to enter all your card details including card number, expiry and CVV for every payment you make.
8. How can I delete token generated by me?
You can delete token by directly going to the merchant’s website/app and deleting the card associated with the token from your payment preferences. Alternatively, you can also call SBI Card’s helpline to request for deletion.
9. Is there any limit on the number of cards that I can request for tokenisation?
You can request for tokenisation of any number of cards to perform a transaction
10. Can I select which card to be used in case I have more than one card tokenized?
For performing any transaction, you will be free to use any of the cards registered with the token requestor / merchant.
11. Once tokenized, how will the I get to see the card details on the merchant page?
You will be able to see the last 4 digits of the card on the merchant page.