Card Details Stored Across Online Portals To Be Deleted Automatically: Details Inside


To make online payments safer and secure, the Reserve Bank of India (RBI) has asked all merchants and payment gateways to remove sensitive customer data on cards saved on their end and instead use encrypted tokens to carry transactions. The new rule will come in place from January 1 2022.

RBI issued guidelines in March 2020 saying that merchants will not be allowed to save card information on their websites to boost data security. It issued new guidelines in September 2021, giving companies until the end of the year to comply with the regulations and offering them the option to tokenise.

Also Read:

The RBI had ordered all companies in India to purge saved credit and debit card data from their systems from January 1, 2022.

From January onwards, when you make the first payment to any merchant, you will need to give them your consent with an additional factor of authentication (AFA). Once done, you will complete the payment by keying in your card’s CVV and OTP.

What cardholders need to do from next month

  • You start a purchase with a merchant
  • The merchant initiates tokenisation by asking for your consent to tokenise the card.
  • Once you give permission, it sends a tokenisation request to the card network.
  • The card network creates a token as a proxy to the card number and sends it back to the merchant.
  • For making payment to a different merchant or from an additional card, tokenisation is to be done again.
  • The merchant saves the token for subsequent transactions.
  • You approve transactions with CVV and OTP.