The Reserve Bank of India’s (RBI) brings new rules for credit and debit cards came into effect on October 1. These include tokenization, a one-time password (OTP) for activation after 30 days, written permission for enhancement of credit limit, and greater clarity on interest calculation.
Under the new rules, any platform — mobile apps, merchants, payment aggregators, and payment gateways — conducting monetary transactions will not be able to store crucial customer credit and debit card details. it includes a three-digit CVV, expiry date, and more.
Tokenization for greater security
Tokenization means replacing actual card details (such as the 16-digit card number, expiry date, etc) in digital transactions with an alternative code called the token. Merchant sites store customers’ card data so that the latter don’t have to input these details every time they transact. But this comes with the risk of merchants’ sites being hacked and data getting stolen.
Tokens protect customers by substituting their data with a series of algorithmically generated numbers and alphabets. As per RBI, these tokens will be unique for a combination of cards, token requesters, and devices. The RBI recently revealed that around 35 crore tokens have already been created. Just in September, around 40 percent of transactions take place through tokens, reveal by RBI’s Deputy Governor T Rabi Sankar.
Tokenisation, however, is not mandatory. “A user who chooses not to tokenize his card will have to input his card details for every transaction,” says Raj Khosla, founder and managing director (MD), MyMoneyMantra, an online financial marketplace.
How to apply for Tokenization?
To opt for tokenization, a debit or credit card user will first need to send a request on the app provided by the token requester. The token requester will then forward the request to the card network. Lastly, with the consent of the card issuer. A token corresponding to the combination of the card, the token requester, and the device will be issued.
Notably, it will not charge any fees for the tokenization service.
OTP for delayed activation
A new RBI rule says if a person hasn’t activated a card for more than 30 days following the date of issuance, the issuer must obtain OTP (one-time password)-based consent to activate it.
If a customer rejects the request to activate a card. The issuer must cancel the account within seven working days without levying a charge. “This directive will protect customers from falling victim to fake applications,” says Chopra.
Even if you activate a card within the stipulated time limit, it won’t remain active unless you use it regularly.
Transparency in interest calculation
The terms and conditions for paying credit card dues, which include the minimum amount due, must be specified. This will help customers avoid a debt trap
Thanks for reading!!