NEW DELHI: People are increasingly embracing online payments to buy food, shop, and book cabs as the country’s digital penetration rises. However, cyber fraudsters are constantly looking for ways to gain access to people’ data in the digital realm.
In 2020, the Reserve Bank of India announced adjustments to internet payment laws. It allowed online shops until the end of the year to begin using tokenization in September of this year. As a result, banks have been informing their clients. The new regulations will take effect on January 1st.
What exactly does this imply?
Merchants and payment gateways will be required to destroy all information held on their servers following the RBI’s mandate. This means that in order to make a payment on a merchant’s website, a user must input the entire card number.
Banks have begun alerting their customers about the changes that will take effect in the near future. Customers of HDFC, one of the country’s largest private banks, have begun receiving text messages informing them that they must either submit complete card details or opt for tokenization.
What exactly is tokenization?
The existing system relies on the correct values of the 16-digit card number, the card expiry date, the CVV, and the one-time password or OTP to complete transactions (in some cases transaction PIN too). Tokenisation is the process of replacing the actual card number with a different code known as “tokens.”
What makes tokenization more secure?
According to the RBI, a tokenised card transaction is safer because the merchant does not receive the actual card details during transaction processing.
The authorised card networks also store actual card data, tokens, and other necessary elements in a secure mode, according to the statement. The token requestor is unable to save the Primary Account Number (PAN), also known as the card number, or any other card information. Card networks are also required to have the token requestor approved for safety and security in accordance with internationally accepted standards.
De-tokenisation is the process of converting a token back to actual card information, according to the central bank. It went on to say that there are no fees associated with using this service.
What will be different on January 1st?
When you make your first payment to any merchant after January, you will be required to provide an additional element of authentication (AFA). By entering CVV of card and OTP, you will finish the payment finally.