The Reserve Bank of India (RBI) has made it mandatory for all credit and debit card data used in online, point-of-sale, and in-app transactions to be replaced with unique tokens by September 30 this year. Under these rules, domestic merchants cannot store your card information like its number and CVV when you make an online payment.
The RBI has notified these tokenisation guidelines to make the online payment system more secured and safer, whereby consumers will have the ultimate authority before anyone can access their sensitive information.
The deadline was extended by three months starting July.
As per the RBI, tokenisation refers to the replacement of actual card details with an alternate code called the "token". A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during the processing of the transaction. The cardholder can get the card tokenised by initiating a request on the app provided by the token requestor.
It is said that tokenisation of debit and credit cards is not mandatory. A customer can also choose not to tokenise their cards but in that case paying online will take more time.