If you are an HDFC Bank customer you must have surely received an SMS saying "Effective 1st Jan'22! Your HDFC Bank card details saved on Merchant Website/App will get deleted by the merchants as per the RBI mandate for enhanced card security.To pay each time, enter full card details or opt for tokenisation". So, how this RBI mandate would change the way you make online payments via card.
RBI mandate on enhanced card security
The RBI mandate says that beginning January 1, 2022, all crucial card information including card number, CVV and expiry date plus any other important information on the plastic money cannot be saved by merchants for processing online payments.
Now as the card details shall no longer be available with the merchants with whom you engage in recurring transactions you either need to enter your card details or can opt for tokenisation.
What is tokenisation?
As per the HDFC Bank FAQs on Tokenisation- Tokenisation refers to replacement of actual or clear card number with an alternate code called the "Token". This shall be unique for a combination of card, token requestor (i.e. the entity which accepts request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token) and the merchant (token requestor and merchant may or may not be the same entity).
So, in tokenisation a customer's 16-digit credit or debit card number is replaced with a unique online identification referred to as a token-which is indeed a random string of 16-digit numbers.
A tokenised card transaction is considered safer as the actual card details are not shared / stored with the merchants to perform the transaction.
There are no charges for availing the service of tokenising the card says the HDFC Bank website in its FAQs on the facility.
How to avail the tokenisation facility?
Step 1 - The card holder can get the card tokenised by initiating a request on the website/app provided by the token requestor and any such similar facility provided by the merchant.
Step 2 - The token requestor / merchant will forward the request directly to the Bank which issued the applicable credit card or to Visa / Mastercard / Diners / Rupay, with the consent of the card issuing Bank.
Step 3 - The party receiving the request from Token requester, will issue a token corresponding to the combination of the card, the token requestor, and the merchant.
Other important points on tokenisation
- Tokenisation is applicable only for Domestic transactions
-For managing your tokenised cards banks will be providing a portal to the card holders to view and manage the tokenised cards. Card holders can view / delete tokens for the respective cards through this portal.
-Tokenisation and de-tokenisation can be performed only by the card issuing Bank or Visa / Mastercard / Rupay / Diners who are referred as authorised card networks.