New RBI rules for online card transactions effective July 1, 2022
Starting July 1, 2022, e-commerce companies like Amazon and Flipkart or online delivery aggregators like Zomato will not be able to save card information on their platforms, according to new guidelines. by the Reserve Bank of India (RBI). Under the new rules, customers making online transactions on any e-commerce platform will need to enter their debit or credit card details every time from next year. However, customers can avoid the hassle and choose to provide consent for platforms to encrypt their tokens.
Back in March 2020, RBI issued guidelines restricting merchants from saving customer card details for added security. In September of this year, the regulator Advanced its guidance on card encryption services to improve safety and security. “Encryption of card data will be done with the express consent of the customer, requiring an Additional Validation Factor (AFA),” RBI said in a press release. It should be noted that the deadline for merchants and other payment aggregators to store card data was first set to June 30, 2021, then extended to December 31, 2021, and now at already extend until June 30, 2022.
Tokenization replaces card details with a unique algorithmically generated code or token, allowing online purchases to be made without revealing card details.
So what does this mean for a regular customer? Here are 10 quick draws:
- Starting July 1, 2022, customers will no longer be able to save their debit or credit card details on any e-commerce platform.
- Customers will have to re-enter card details every time they make an online transaction.
- To avoid repeat troubles, customers can agree to e-commerce companies “opening their cards”. After receiving customer consent, e-commerce platforms will require the card network to encrypt details with additional factor authentication as needed.
- Once the e-commerce platform receives the encrypted details, the customer can save the card for future transactions.
- Currently, only Mastercard and Visa-provided cards can be encrypted by most of the leading e-commerce platforms. It is expected that tokens from other financial services will soon be able to be encrypted.
- The new RBI guidelines must be followed for both credit and debit cards.
- The new guidelines do not apply to international transactions. Only domestic cards and transactions are covered by the new RBI guidelines.
- Customers will not need to pay any additional fees for card encryption.
- E-commerce platforms will display the last four digits of the encrypted card for easy identification by customers, along with the issuing bank and the card network name.
- Finally, tokenization of the token is optional. Customers can choose to encrypt their card for quick transactions, or enter card details in another way.
Editor’s Note:: An earlier version of this article mentioned the RBI’s December 31, 2021 deadline, which has been extended to June 30, 2022. The article has been updated to reflect the change. change this.