India online payment rules to change on January 1: What you need to know

WION Web Team
NEW DELHI Updated: Dec 23, 2021, 08:24 PM(IST)

Netflix, Amazon, Zomato, and payment aggregators like Paytm and Google Pay would no longer be able to keep credit card information. Photograph:( Others )

Story highlights

Due to new restrictions regarding credit and debit card tokenisation, Indians' use of credit and debit cards will change beginning in January of next year.

From January 1, 2022, the way Indians use their credit/debit cards and transact at ATMs will change.

There has been a significant increase in internet penetration across the country, which opens the door for cybercrime.

As a result, the Reserve Bank of India (RBI) has advised all merchants and payment gateways not to store client card credentials within their database or server in order to ensure that customers make secure online payments.

To fulfil the instructions, the RBI decided to extend the deadline for non-bank payment aggregators and payment gateways by six months, till December 31, 2021, as a one-time measure, to allow payment system providers and participants to develop workable alternatives, such as tokenisation. 

What is Tokenisation and how is it different from the present system? 

Tokenisation refers to the substitution of an alternative code termed a "token" for the actual card details, allowing online purchases to be made without revealing important information to cyber criminals. 

At present, the 16-digit card number, the card expiry date, the CVV, and an OTP or transaction PIN are all required for online debit/credit card transactions.

For successful online card transactions, these details must be appropriately given to merchants or companies.

But from January 1, the RBI's new rule makes it explicit that retailers and organisations must destroy such information from their databases and replace it with tokenization, which replaces actual card details with a unique alternate code known as a token.

Each card combination will yield a different token.

A card user can have their card tokenised by a merchant or service provider by submitting a request on the token requestor's app.

The tokenisation procedure, according to the RBI, would help make online card transactions more secure because merchants will not be aware of a customer's actual debit and credit card details. 

Is tokenisation a safer option?

A tokenised card transaction is considered safer by the RBI because the real card details are not shared with the merchant during transaction processing.

According to the central bank, the authorised card networks will hold the real card data, tokens, and other necessary elements in a secure mode. 

ATM transactions that exceed the permitted limit are subject to an additional fee

In June of this year, the Reserve Bank of India (RBI) allowed banks to increase charges for cash and non-cash ATM transactions beyond the free monthly acceptable limit.

With effect from January 1, 2022, customers who exceed the monthly limit of free transactions will be charged Rs. 21 instead of Rs. 20.

Customers will be entitled to five free financial and non-financial transactions each month from their own bank's ATMs.

They would also be able to use other bank ATMs for three free transactions in metros and five free transactions in non-metros. 

(With inputs from agencies)

Read in App