Play all audios:
From 1 October, online transaction norms for debit and credit cards will change for all users as the Reserve Bank of India's (RBI) card-on-file (CoF) tokenisation norms kicks in. But
what is tokenisation? How will this change your online transactions? And why has it been put in place? What is tokenisation? Tokenisation refers to the replacement of information or
sensitive digital data with a digitally generated token. The process helps do away with a customer's card information being stored on any merchant, payment gateway, or third-party
platform. While paying for something online, users will no longer have to punch in the 16 digit number on their card. The operating bank will issue a non-sensitive, equivalent digital token
for the transaction. The tokenisation process will also mask names on the card, expiry dates, and CVV codes, for an added layer of security Why is the RBI switching to tokenisation? Like we
mentioned, card details and user data are often stored on payment or merchant gateways. It is this data storage on websites that could make the customer's data vulnerable to online
phishing and fraud. Tokenisation is considered to be a safer alternative, as the actual card details are not available to a merchant during a transaction. The customer's card details
are only stored with the bank and the authorised card network. When will the tokenisation process begin? The process will begin from 1 October. How do I get a token? To obtain a token, the
cardholder needs to go through a one-time registration process while utilizing their cards on any e-commerce platform. As soon as they enter their card details, it gives consent to create a
token, which is then validated by way of authentication through an additional-factor-of-authentication (AFA). After this, a token is created which can be used for future transactions with
the CVV number and an OTP. The RBI has also told merchants to create a "token reference number" against each token. Only these reference numbers are saved by the merchants. Once a
fraud is detected, the same token cannot be used again. Users will have to request a new token. What if I don't want to tokenise my card? Customers can choose whether or not to get
their card tokenised, according to _CNBC TV18_. If they not do not want to get their card tokenised, starting from 1 October 2022, cardholders will just have to enter the full card number,
CVV, and expiry date of the card for each individual online transaction. How will the rules affect me if I own a business? The tokenisation system has been met with mixed reactions. While
banks, card companies and large retailers are prepared, smaller merchants may face trouble, as this move could lead to revenue losses in the short-term if they're inadequately prepared.
(_With inputs from CNBC TV18_.) Published: 29 Sep 2022, 1:48 PM IST