Reserve Bank of India guidelines for credit and debit cards
E-commerce operators not allowed saving card information on their platforms from January 2022
By : Legal Era
Update: 2021-12-22 03:30 GMT
Reserve Bank of India guidelines for credit and debit cards E-commerce operators not allowed saving card information on their platforms from January 2022 The Reserve Bank of India (RBI) has issued new guidelines for e-commerce operators including Amazon, Flipkart, Nykaa and Myntra and online food-delivery aggregators including Zomato and Swiggy. As per the rules, these operators would...
Reserve Bank of India guidelines for credit and debit cards
E-commerce operators not allowed saving card information on their platforms from January 2022
The Reserve Bank of India (RBI) has issued new guidelines for e-commerce operators including Amazon, Flipkart, Nykaa and Myntra and online food-delivery aggregators including Zomato and Swiggy. As per the rules, these operators would not be able to save a person's credit or debit card information on their platforms.
As a result, customers would have to re-enter the details of every online transaction. He/she would not have to save the 16-digit credit or debit card number along with the card's expiry date on the website.
But to simplify the matter and reduce online fraud, the RBI has introduced card on file (CoF) tokenization guidelines. It mandates replacing the actual card data with an encrypted digital token to facilitate and authenticate transactions. So, the only way to avoid any hassle would be by making a card payment through the 'tokenization' process.
In 2020, the RBI had said that payment aggregators and their onboarded merchants must not save the card details of the users. It allowed card issuers to offer card tokenization services as Token Service Providers (TSPs). This would be facilitated through consumer consent and require 'Additional Factor of Authentication (AFA)'.
With tokenization, the entities involved in the transaction would not have to memorize the card details, as the card gets converted into a unique 'token' that facilitates the payment through an optional code. The token card data would be used in place of the actual card number for future online purchases as directed by the card users. It would be safer than the real card details to make payments and share with online merchants.
According to the RBI, only card networks including Visa, MasterCard, American Express and RuPay would be able to use the tokenization technology.
With fraud increasing drastically due to online banking, the RBI has made online payments more secure. It has directed merchants/payment gateways to remove sensitive details of customers' credit and debit cards that they had saved.
Meanwhile, only domestic cards and transactions fall under the gamut of the new guidelines, which would not be applicable to international transactions. Also, there would not be any extra charge for the tokenization of the cards.