New Delhi, India: For all credit and debit card holders, there will be some good news soon: starting July 1, 2022, internet businesses will no longer be able to store client card data.
Last year, the Reserve Bank of India (RBI) introduced debit and credit card tokenization laws to ensure client safety. Merchants were prohibited from retaining customer card data on their systems under the restrictions.
These card tokenisation rules will now come into effect from July 1, 2022.
RBI had made adoption of card-on-file tokens for domestic online purchases mandatory. The deadline for adoption of card tokens across the country was extended by six months from January 1, 2022 to July 1, 2022.
It will be stored as an encrypted “token” to help customers make secure transactions. These tokens will allow payment to be made without disclosing customer details. RBI guidelines make it mandatory to replace the original card data with an encrypted digital token.
Therefore from July 1, 2022, merchants will have to delete customers’ debit and credit cards’ data from their records.
The card tokenisation system is not mandatory. Therefore if a customer has not given consent for tokenisation of his or her card, then the customer will have to enter all card details like name, card number and card validity instead of entering the card verification value or CVV, every time while making an online payment.
At the same time, if a customer is agreeable towards card tokenisation, then he or she will only have to enter the CVV or one time password (OTP) details while doing the transaction.