New rules for debit, credit card holders from next month


The Reserve Bank of India (RBI) has mandated that all credit and debit card details used in online, point-of-sale and in-app transactions be replaced with unique tokens by September 30 this year have to. The deadline was extended by three months from July.

Here’s everything you need to know about the new rules for debit and credit card holders that will come into effect from October:

What is card tokenization?

According to RBI, tokenization refers to replacing the actual card data with an alternative code called a “token”.

What is the benefit of tokenization?

A tokenized card transaction is considered more secure as the actual card details are not shared with the merchant during the processing of the transaction.

How can tokenization be carried out?

The cardholder can have the card tokenized by initiating a request in the app provided by the token requester. The token requestor forwards the request to the card network, which, with the consent of the card issuer, issues a token that matches the combination of card, token requestor, and device.

Also Read :  Simply Put: What tokenisation of card means to consumer

What are the fees that the customer has to pay to use this service?

The customer does not have to pay any fees for using this service.

Who can perform tokenization?

Tokenization can only be performed by the authorized card network and the list of authorized bodies is available on the RBI website.

What are the fees that the customer has to pay to use this service?

The customer does not have to pay any fees for using this service.

For which use cases (instances/scenarios) is tokenization allowed?

Tokenization has been allowed via mobile phones and/or tablets for all use cases/channels (e.g. contactless card transactions, payments via QR codes, apps, etc.)

Is tokenizing a card mandatory for a customer?

No, a customer can choose whether or not to have their card tokenized. Those who do not want to create a token can continue their transactions as before by manually entering the card details at the time of the transaction.

Also Read :  This Week in Cannabis Investing: Legalization is Popular Ahead of Midterms

Is the loyalty card data secure after tokenization?

Actual card data, tokens and other relevant details are stored in a secure mode by the authorized card networks. The token requestor cannot store the Primary Account Number (PAN), ie the card number, or other card details. Card networks are also required to have the token requestor certified for security and protection that conforms to international best practices / globally recognized standards.

How does the registration process for a tokenization request work?

Registration for a tokenization request is only done with the customer’s explicit consent through an additional authentication factor (AFA) and not through a forced/default/automatic selection of checkboxes, radio buttons, etc. The customer is also given the choice of use case selection and setting up limits.

Also Read :  Today's Mortgage, Refinance Rates: Sept. 27, 2022

Is there a limit to the number of cards a customer can request for tokenization?

A customer can request tokenization of any number of cards. To carry out a transaction, the customer is free to use any of the cards registered with the Token Requestor app.

Who should the customer contact if they have problems with their tokenized card? Where and how can he/she report the device loss?

All complaints should be addressed to the card issuers. Card issuers must provide customers with easy access to report the loss of an “identified device” or other such events that could expose tokens to unauthorized use.

Can a card issuer refuse tokenize a specific card?

to Based on risk perception, etc., card issuers can decide whether to allow cards they issue to be registered by a token requestor.

Get all the business news, market news, breaking news and latest news updates on Live Mint. Download the Mint News app for daily market updates.

More less

Subscribe to something Mint newsletter

* Enter a valid email address

* Thank you for subscribing to our newsletter.

Post your comment



Source link