Starting July 1, 2022, e-commerce companies such as Amazon and Flipkart or online delivery aggregators such as Zomato won't be able to save card information on their platforms, under new guidelines from the Reserve Bank of India (RBI). As per the new rules, customers carrying out an online transactions on any e-commerce platform will need to enter their debit or credit card details each time starting next year. However, customers can avoid the hassle and choose to provide consent to the platforms to tokenise their cards.
Back in March 2020, RBI issued guidelines which restricted merchants from saving customers' card details in order to boost security. In September this year, the regulatory body enhanced its guidelines on card tokenisation services in order to improve the safety and security. "The tokenisation of card data shall be done with explicit customer consent requiring Additional Factor of Authentication (AFA)," RBI had said in a press release. To note, the deadline for merchants and other payment aggregators for storing card data was first set as June 30, 2021, then extended to December 31, 2021, and now, has been extended to June 30, 2022.
Only Mastercard and Visa-issued cards can be tokenised as of now
Photo Credit: Screenshot/ Gadgets 360
Tokenisation helps replace card details with a unique algorithm-generated code, or token, which allows online purchases to go through without exposing card details.
So, what does this mean for a regular customer? Here are 10 quick takeaways:
- Starting July 1, 2022, customers will not be able to save their debit or credit card details on any e-commerce platform.
- Customers will have to re-enter card details every time they conduct an online transaction.
- To avoid the repeated hassle, customers can provide their consent to e-commerce companies to “tokenise” their cards. After receiving a customer's consent, e-commerce platforms will ask the card network to encrypt details with additional factor authentication as needed.
- Once the e-commerce platform receives the encrypted details, customers can save that card for future transactions.
- For now, only Mastercard and Visa-provided cards can be tokenised by most leading e-commerce platforms. It is expected that cards from other financial services should be able to be tokenised soon.
- The new RBI guidelines must be adhered to for both credit and debit cards.
- The new guidelines are not applicable to international transactions. Only domestic cards and transactions fall under the gamut of the new RBI guidelines.
- Customers won't need to pay any extra charge for tokenisation of cards.
- E-commerce platforms will show the last four digits of tokenised cards for customers to easily identify them, along with the issuing bank and card network name.
- Lastly, tokenisation of card is not mandatory. Customers can choose to tokenise their cards to carry out quick transactions or enter card details otherwise.
Editor's note:: An earlier version of this article mentioned RBI's December 31, 2021 deadline, which has since been extended till June 30, 2022. The article has been updated to reflect this change.