The Reserve Bank of India (RBI) has asked all merchants and payment gateways to remove sensitive customer card data saved on their websites, to make online payments safer and more secure. It suggested using encrypted tokens to carry out transactions instead, from 1 January 2022.
The proposal puts forward tokenisation: the replacement of actual card details with a unique alternate code, called a token, which is different for each user as well as each device.
So from January onwards, while making a payment you will need to give consent with an additional factor of authentication (AFA) and then enter an OTP as well as the CVV. The card network creates a token as a proxy for the card number and sends it to the merchant or the payment gateway after authorization. This will ensure a reduction in fraud and data compromises.
“In fact, some merchants force their customers to store card details. Availability of such details with a large number of merchants substantially increases the risk of card data being stolen. In the recent past, there were incidents where card data stored by some merchants have been compromised/leaked,” RBI said.
“Any leakage of CoF data can have serious repercussions because many jurisdictions do not require an AFA for card transactions. Stolen card data can also be used to perpetrate frauds within India through social engineering techniques,” the RBI further added.