Debit and credit card rules extended to some extent after getting a lots of representations from different industry sectors. The Reserve Bank of India (RBI) has again extended the debit and credit card token rule deadline to September 30.The Reserve Bank stated that the industry stakeholders had stated some issues related to the implementation of the framework in respect of guest checkout transactions. Also, several transactions processed using ‘tokens’ is yet to gain traction across all categories of merchants, it added. According to the new set of rules, online players need to delete any credit or debit card data stored on their platforms and replace it with a ‘token’. Token refers to the replacement of actual card information with an alternate code called the ‘token’. ‘Token’ will be unique for a combination of card, token requestor and device. RBI said that a person “could get the card token by initiating a request on the app provided by the token requestor.“
“This means that going forward, instead of saving your card details on a web service – for example, Amazon – you would be saving a unique token. This token would be only for that particular merchant and that particular device. With token, customers can register or de-register their card for a particular use, i.e., contactless, QR code-based, in-app payments etc.,” said Soumee Bhatt, General Counsel
The token requestor will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device. “A cardholder doesn’t have to pay any charges, and the process isn’t mandatory, the Reserve Bank explained this situation.
“A toke card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing,” RBI said.