The new year is fast approaching and the online digital payment system is expected to be tweaked with new developments. From January 01, 2022, card tokenization services will come into effect.
There has been a huge increase in digital penetration across the country which is why it also leaves room for cybercrime. Therefore, to ensure that customers make secure online payments, the Reserve Bank of India (RBI) has requested all merchants and payment gateways not to store customer card credentials in their database. data or their server.
To implement the instructions, RBI has decided, on an ad hoc basis, to extend the deadline for payment aggregators and non-bank payment gateways by six months, i.e. until December 31, 2021, in order to to enable payment system providers and participants to implement viable solutions, such as tokenization.
This applies to e-commerce marketplaces that undertake aggregation of direct payments; E-commerce marketplaces using the services of an AP are considered merchants.
In September 2021, RBI announced improvements to the existing framework on card tokenization services. The improvements are – the device-based tokenization framework advised the empty circulars of January 2019 and August 2021 has been extended to card-on-file (CoFT) tokenization services, and card issuers have been allowed to offer services card tokenization as a token service. Suppliers (TSP). Tokenization of card data must be done with the explicit consent of the customer requiring an additional authentication factor (AFA).
The improvements are expected to enhance the safety and security of card data while continuing the convenience of card transactions.