The last date for businesses to tokenise debit and credit card data for online, point of sale, and in-app transactions is September 30.
The Reserve Bank of India has introduced the tokenisation norm to make customer transactions more secure.
Previously, the process had to be completed by June 30. However, the RBI extended the deadline by three months at the request of industry organisations. The extension also created awareness about the tokenisation process among debit and credit card customers.
Debit and credit card details like 16-digit card number, name, expiry date and CVV are required during an online transaction.
The online platforms used by customers also provide an option to save card data for easy completion of transactions in future. This data is known as "card on file" or CoF. However, this puts sensitive details at risk of being compromised by a cyber-attack.
The card details will be replaced with a randomly generated unique token with tokenisation. It will allow the payments to be made without disclosing customer details.
Apart from making the transaction more secure, tokenisation will also help create a smoother user experience for the customers.
After tokenisation, card data will not be saved anywhere except the card network. Customers can create tokenisation for multiple merchants.
What Happens After The Deadline?
The RBI has directed all merchants to delete customers' debit and credit card data by September 30 and replace it with tokens for online transactions. Failure to comply with the direction may invite penal action, including business restrictions.
For all online transactions after September 30, debit and credit card holders will either have to convert their card details into a token or enter the complete details for every transaction.
Is Tokenisation Mandatory?
The tokenisation of debit and credit card data is not mandatory for customers. They can choose to opt-out of the process. In that case, the customers will be required to enter their card details manually while performing an online transaction through their cards.
What Happens When Token Identification Is Lost Or Stolen?
The customers must complain to the concerned bank to report the case of loss, theft or any other event that can cause unauthorised usage of the tokenised device.