New debit, credit card rules from today: From tokenisation to credit limit, what’s changed
As per RBI, tokenisation refers to replacement of actual card details with an alternate code called the ‘token’ which shall be unique for a combination of cards, token requestor and device. This means an extra layer of security and that websites will no longer have card details on file
New rules protecting debit and credit card customers from cyberfraud and data theft have come into effect from today (1 October).
This comes after the Reserve Bank of India (RBI) mandated the adoption of card-on-file (CoF) tokenisation for domestic online purchases.
In late June, the RBI had extended the card-on-file (CoF) tokenisation deadline to 30 September on the back of various representations received from stakeholders. The earlier deadline was 30 June.
The stakeholders had some issues related to the implementation of the framework in respect of guest checkout transactions among others. They also said that a number of transactions processed using tokens were yet to gain traction across all categories of merchants.
But what are the new changes? What is card tokenisation? Let’s take a closer look
As per the Reserve Bank of India (RBI), tokenisation refers to replacement of actual card details with an alternate code called the “token”, which shall be unique for a combination of card, token requestor and device.
A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing.
As per the RBI, only banks and networks will be allowed to store customer card data from 30 September.
What does this mean for customers?
This means there will be an extra layer of security for debit and credit card holders.
Websites such as Amazon, Flipkart, Paytm will no longer have card details details on file.
Follow these steps to tokenise a card:
- Go to any online website or mobile application frequently used to purchase food, grocery or clothes
- Initiate a transaction
- At checkout page, select credit card or debit card payment option. Enter CVV
- Click “secure your card” or “save card as per RBI guidelines”
- Enter the OTP received on your registered mobile number
- The credit or debit card is now successfully tokenised and is secured
- The next time you visit the website, only the last four digits of your card will be displayed
It tokenisation mandatory?
It is important to note that tokenisation is not mandatory.
It is also free of charge.
However, consumers who do not tokenise their cards will have to put in all of their card details whenever making purchases.
Experts have lauded the move.
Gaurav Kapoor, director and co-founder, Fincorpit Consulting told Mint, “This move of RBI to make tokenisation mandatory for the merchants is a step forward to control the menace of cyberattacks.”
Rama Mohan Rao Amara, MD & CEO, SBI Cards and Payment Services (SBI Card) told PTI, “It is a very good measure in terms of protecting the consumer interest and ensuring against any data leakage.”
OTP, credit limit, interest charges
Three other big changes have also come into place.
As per The Times of India, those issuing credit cards must obtain One Time Password (OTP)-based consent if a cardholder hasn’t activated their card for more than 30 days from the date of issuance. If a consumer declines card activation, the issuer must cancel the credit card without charge in seven working days, as per the report.
Meanwhile, the Centre has placed the onus on card issuers to ensure the credit limit is conveyed to and approved by the consumer and that the limit is never exceeded without written permission from the cardholder.
The RBI circular also states “The terms and conditions for payment of credit card dues, including the minimum amount due, shall be stipulated so as to ensure there is no negative amortization. An illustration is included in the Annex. The unpaid charges/levies/taxes shall not be capitalized for charging/compounding of interest.”
With inputs from agencies
IEDs kill more people each year than any other explosive ordnance - accounting for 43 per cent of all global civilian casualties from explosive weapons. The IED used in Mangaluru was made by placing explosive material inside a pressure cooker and fastening a blasting cap to its lid
The move comes after Madhya Pradesh High Court passed an interim order stopping the government from prosecuting interfaith couples who marry without giving the district magistrate a 60-day notice — mandated under Section 10 of the MP Freedom of Religion Act (MPFRA) 2021
Border authorities say incidents of Unmanned Aerial Vehicles bringing drugs, arms, and ammunition across the border more than doubled from 2021. While there is no silver bullet, security forces in Punjab and Jammu are set to receive an indigenous anti-drone system