Starting 1 January, 2022, companies or merchants will not be allowed to save card information on their websites. The RBI had issued guidelines to move towards card tokenisation in March 2020 and re-issued fresh guidelines in September 2021 to boost data security.
Companies have until the end of the year to comply with regulations and got the option to tokenise. Tokenisation is a process by which card details are replaced by a unique code or token, generated by an algorithm, allowing online purchases to go through without exposing card details, in a bid to improve data security.
The RBI has ordered all companies in India to purge saved credit and debit card data from their systems from 1 January, 2022.
Credit card transactions in India crossed the ₹1 trillion ($13.13 billion) mark in October while other modes of digital payments have also seen a sharp uptick over the years.
What does this mean for customers
Starting January 1, 2022, users will not be able to save their debit or credit card details on any e-commerce platform.
They may well have to re-enter card details every time they transact online.
Users can also give their consent to e-commerce companies or other online platforms to tokenise cards who will then ask card networks to encrypt details with additional factor authentication as needed.
Once the e-commerce platform receives the encrypted details, customers can save that card for future transactions.
Merchants and bankers argue they have not been given enough time to comply with the changes, while opting out of tokenisation would mean a customer would need to manually key in their card details each time they completed an online purchase, which could put some customers off.