The Reserve Bank of India (RBI) on Friday extended the timeline on credit card and debit card tokenisation, by three months till September 30. The rules were earlier supposed to be complied with from July 1. The move comes after industry stakeholders highlighted some issues related to the implementation of the framework in respect of guest checkout transactions, the central bank said in a statement.
After the tokenisation of debit and credit card, merchants cannot store the card user’s sensitive information like its number or CVV during an online payment. Till date, about 19.5 crore tokens have been created.
Opting for card-on-file tokenisation (creating tokens) is voluntary for the cardholders. Those who do not wish to create a token can continue to transact as before by entering card details manually at the time of undertaking the transaction, commonly referred to as ‘guest checkout transaction’.
The RBI said in the statement said the industry stakeholders have highlighted some issues related to the implementation of the framework in respect of guest checkout transactions. The RBI said the number of transactions processed using tokens is yet to gain traction across all categories of merchants.
“These issues are being dealt with in consultation with the stakeholders, and to avoid disruption and inconvenience to cardholders, the Reserve Bank has today announced extension of the said timeline of June 30, 2022 by three more months, i.e., to September 30, 2022,” the central bank said.
It added that this extended time period may be utilised by the industry for facilitating all stakeholders to be ready for handling tokenised transactions; processing transactions based on tokens; and creating public awareness about the process of creating tokens and using them to undertake transactions.
The extra time will also be utilised by the industry for implementing an alternate mechanism(s) to handle all post-transaction activities (including chargeback handling and settlement) related to guest checkout transactions, that currently involve /require storage of CoF data by entities other than card issuers and card networks, according to the statement.
How is Card Tokenisation Done?
To create a token, the cardholder has to undergo a one-time registration process for each card at every online/ e-commerce merchant’s website/ mobile application, by entering the card details and giving consent for creating a token. This consent is validated by way of authentication through an additional factor of authentication (AFA). Thereafter, a token is created which is specific to the card and online / e-commerce merchant, i.e., the token cannot be used for payment at any other merchant.
For future transactions performed at the same merchant website/ mobile application, the cardholder can identify the card with the last four digits during the checkout process. Thus, the cardholder is not required to remember or enter the token for future transactions. A card can be tokenised at any number of online / e-commerce merchants. For every online / e-commerce merchant where the card is tokenised, a specific token will be created.
Read all the Latest News , Breaking News , watch Top Videos and Live TV here.