Updated: September 8, 2021 12:05:07 pm
The Reserve Bank of India (RBI) has directed that no entity or merchant, other than card issuers and card networks, should store card details — or card-on-file (CoF) — from January 1, 2022. Simultaneously, it has also extended tokenisation of CoF by card issuers.
“With effect from January 1, 2022, no entity in the card transaction or payment chain, other than the card issuers and card networks, should store the actual card data. Any such data stored previously will be purged,” the RBI said in a circular. It had earlier barred storage of data in March 2020, but extended the deadline to December 31, 2021.
Tokenisation refers to replacement of actual card details with an alternate code called the “token”, which will be unique for a combination of card, token requestor and device. It reduces the frauds that occur by sharing card details like card number and CVV. The token is used to perform card transactions in contactless mode at point-of-sale terminals, quick response and code payments.
A CoF transaction is a transaction where a cardholder has authorised a merchant to store the cardholder’s Mastercard or Visa payment details. The cardholder then authorises that same merchant to bill the cardholder’s stored Mastercard or Visa account.
E-commerce companies and airlines and supermarket chains normally store card details in their system, the central bank said.
The Reserve Bank has permitted card issuers to offer card tokenisation services as token service providers (TSPs). The facility of tokenisation will be offered by the TSPs only for the cards issued by or affiliated to them.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.