The new rules for card tokenization RBI have put out new rules about how to store information about customer cards while processing online payments. This means that payment aggregators and retailers can no longer store the card information of any customer on their servers. But why would payment aggregators or merchants keep information about customers’ credit cards?
There are two main reasons why that might be:
i. A customer can buy a product or service more than once.
ii. The business may use a billing model called “recurring billing.” They might offer services that you can sign up for.
No matter what, customers wouldn’t want to keep entering their card information. This can be incredibly annoying for products that you have to pay for every month.
Most merchants and payment aggregators used to keep card information for their customers. This is called having a “Card on File.” As the name suggests, it means the customer cards that are saved on a server. This was the case until the RBI put out its new rules. Now, stores and companies that collect payments had to find a new way to store card information. A customer couldn’t be asked to enter their card information over and over again.
What is Tokenization?
In March 2020, RBI put in place rules that limited how long custom cards could be stored.
The most recent rules, however, say that only the bank that issued the card can store the actual card data. (The issuing bank can also be called the client’s bank. It is the bank that gave the customer a credit or debit card.) So as a way to deal with these new rules, cards were given digital tokens.
What are the card tokenizations though?
The process of card tokenization:
1. Takes the sensitive information from the card (for instance, the card number, CVV, and expiry date)
2. Puts in a random “token” in its place.
3. So, each number on a card will have its token. It’s important to know that this token will only be used by the person who asked for it and the person who sold it.
Card Tokenization deadline
The Reserve Bank of India (RBI) has moved the deadline for tokenizing debit and credit cards to September 30, 2022. The RBI had previously given merchants and payment aggregators until June 30 to get rid of all card details and replace them with tokens.
This extra time could be used by the industry to:
(a) Help all parties get ready to handle tokenized transactions;
(b) Process transactions based on tokens;
(c) Set up an alternative way to handle all post-transaction activities (like chargeback handling and settlement) related to guest checkout transactions that currently involve or require storage of CoF data by entities other than card issuers and card networks, and
(d) Make sure that all parties are ready to handle tokenized transactions.
How tokenised transactions will affect Merchants?
Credit card tokenization helps online businesses protect their data from the time it is collected until it is stored. This is because it stops credit card numbers from being stored in POS machines and other internal systems. But the best thing about tokenization is that it makes security breaches less bad for merchants.
Since merchants’ systems now store tokens instead of credit card numbers, hackers will get tokens that they can’t use. Data theft is expensive, and many retailers and banks have lost a lot of money because of it. This is made less likely by tokenization.
Debit Card and Credit Card Tokenization
Masking and other security measures are used by the platforms used by the merchant to save these card details.
Debit and credit card tokenization is the process of replacing sensitive data from the company’s internal network with a token, which is a randomly generated, one-of-a-kind placeholder.
How do cards get tokenized?
Here is a short explanation of how tokenising cards works.
- The customer chooses the product or service and asks the merchant to start the payment process. The customer may also be someone who subscribes regularly.
- The merchant then takes the information from the card and starts the token request from the Token Requester.
- The person who wants a token calls the Token Service Provider, which is the Card Network. The token is then given out by the card network.
- The person who asked for the token sends the combined token data to the person who collects payments.
- After that, the Payment Aggregator starts processing online payments.
The card tokenizations will make it difficult for the customers as they might have to enter their card number as usual and check a box if they want to save it. After that, the process of tokenization will be started by the merchant.
However, merchants can find card tokenization very useful. For merchants, card tokenization makes security breaches less of a problem.
1. What is card tokenization?
Ans: Credit and debit card tokenization is the process of replacing sensitive data from the company’s internal network with a token, which is a randomly generated, one-of-a-kind placeholder.
2. What is the deadline for card tokenization?
Ans: September 30 2022, is the deadline for card tokenization.
3. What is a card on file?
Ans: For the most part, merchants and payment aggregators keep customer card information, which means the customer cards are saved on a server.
4. Do merchants benefit from card tokenization?
Ans: Yes, merchants will be benefited from card tokenization, as it reduces the overall threat of security breaches for merchants.