As of July 1, 2022, e-commerce companies like Amazon and Flipkart or online delivery aggregators like Zomato will not be able to store card information on their platforms according to the new guidelines of the Reserve Bank of India (RBI). Under the new rules, customers who conduct online transactions on an e-commerce platform will have to enter their debit or credit card details every time starting next year. However, customers can save themselves the hassle and choose to give the platforms their consent to tokenize their cards.
As early as March 2020, the RBI issued guidelines that prevented retailers from saving their customers’ card data in order to increase security. In September of this year, the regulator expanded its guidelines on card tokenization services to improve security. “The tokenization of card data takes place with the express consent of the customer, which requires an additional authentication factor (AFA),” said the RBI in a press release. It should be noted that the deadline for merchants and other payment aggregators to store card data has been extended to June 30, 2021, then to December 31, 2021 and now to June 30, 2022.
Tokenization helps replace card details with a unique code or token generated by an algorithm that makes it possible to make online purchases without revealing card details.
What does that mean for a regular customer? Here are 10 quick takeaways:
- As of July 1, 2022, customers will not be able to save their debit or credit card details on any e-commerce platform.
- Customers have to re-enter their card details for every online transaction.
- To avoid the repeated hassle, customers can give e-commerce companies their consent to “tokenize” their cards. After receiving the customer’s consent, e-commerce platforms request the card network to encrypt the data with additional factor authentication if necessary.
- Once the e-commerce platform receives the encrypted data, customers can save this card for future transactions.
- Currently, only cards provided by Mastercard and Visa can be tokenized by most leading e-commerce platforms. It is expected that cards will soon be able to be tokenized by other financial services.
- The new RBI guidelines must be observed for both credit and debit cards.
- The new guidelines do not apply to international transactions. Only domestic cards and transactions fall under the new RBI guidelines.
- Customers do not have to pay any additional fees for card tokenization.
- Ecommerce platforms display the last four digits of tokenized cards so customers can easily identify them, along with the name of the issuing bank and card network.
- Finally, tokenization of the card is not mandatory. Customers can choose to tokenize their cards for quick transactions or otherwise enter card details.
Publisher’s Note:: An earlier version of this article mentioned the RBI’s deadline of December 31, 2021, which has since been extended to June 30, 2022. The article has been updated to reflect this change.