Fri, 10,sep, 2021
RBI new guidelines for card Token service.
RBI announced E-commerce sites cannot store customers card details
Latest News, current affairs for competitive exams
Digital payments have soared during the pandemic, along with the advancement of technology.
Such developments, however, also carry a threat of fraud and other security concerns.
When it comes to digital payments, RBI follows the 'safe, secure, simple and fast' mantra to facilitate the growth of a strong and vibrant payments industry ecosystem.
Especially with more and more Indian going online and using digital payments as the primary means for effecting transaction, fraud and security have become a paramount concerns.
The RBI has taken several steps to mitigate these kinds of risks.
Recently the RBI has even brought in regulations to check these threats and make the payment environment safe for customers.
On 17th September 2021, the RBI issued a circular, saying, "with effect from Jan 1th 2022, no entity in the card translation or payment chain, other than the card issuers and, or card networks, will be able to store the actual card data.
Any such data stored previously will be purged."
Additionally, "For transactions tracking or reconciliation purposes, entities can store limited data such as last for digits of the actual card number and card issuers name- in compliance with the applicable standards," Said RBI.
Do we have to enter details everytime?
Customers will not have to input their credit card details on e-commerce sites they frequent even after the RBI rule barring storage of card data by marchants kicks in from January 1st, 2022.
Fast check outs can continue with the RBI permitting card-on-file tokenisation.
This allows customers to ask their banks to issue tokens to the online merchant in place of card details.
This will enable subsequent payments without the card details.
What is Tokenisation?
When you use your card, debit or credit, for a transaction, the execution of the transaction is based on information like the 16-digit card number, the card expiry date, the CVV as well as the one-time password or transaction PIN.
In fact, a transaction is successful only if all of these variables are entered correctly for a specific transaction.
Tokenisation refers to replacement of actual card details with a unique alternate code called the "Token".
This token is unique for each combination of card, token requestor and device.
How secure is Token.
If a fraudsters gets hold of the token details, they cannot be used for payment as it would not be coming from the registered device.
Also, tokenisation would still required two-factor authentication.
Even if hackers breach and e-commerce site, all they can get is tokens which cannot be use by anyone else.
As against this, a breach today will provide them with the full card details that are accepted for payment in some countries without an OTP.
Devices Tokenisation work.
RBI had last month extended the scope of 'Tokenisation' card payment services to several customers devices including, laptops, desktops, wearables like wrist watches, bands and internet of things. In addition to mobile phone and Tablets.
Read more
0 comments:
Post a Comment
please to not enter any spam link in the comment box