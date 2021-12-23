Representative image (Source: Shutterstock)

The Reserve Bank of India (RBI) has asked all merchants not to save customer details of debit and credit cards on their websites to boost data security while offering them the tokenisation option under which card details will get replaced by a unique code or token generated by an algorithm.

The new rules will come into effect from January 1.

The changes that will take place:

-Merchants and payment gateways will have to delete all card information stored on their servers. To make payments on merchant websites, full card details have to be entered by a user.

-Many lenders have started informing their customers about the changes that will come into effect from January.

-When a user makes the first payment to any merchant, he/she will need to give consent with an additional factor of authentication. The user will complete the payment by keying in the card’s CVV and OTP (card verification value and one-time password).

What exactly is Tokenisation?

It refers to the replacement of the actual card details with an alternative code called the "token" allowing online purchases to go through without exposing sensitive information to cyber criminals.

Is Tokenisation safer?

According to the RBI, a tokenised card transaction is considered safer as the actual card details are not shared with the merchant during the processing of the transaction.

The central bank has said that the actual card data, token and other relevant details will be stored in a secure mode by the authorised card networks. The token requestor cannot store Primary Account Number (PAN), that is, card number, or any other card detail. Card networks are also mandated to get the token requestor certified for safety and security that conform to international best practices.

The central bank also said that conversion of the token back to actual card details is known as de-tokenisation. It added that the customer need not pay any charges for availing this service.