New RBI norms for online card transactions from January 1

Tribune News Service

New Delhi, December 22

In a bid to improve data security, users will have to re-enter credit or debit card details every time they do online transactions from January 1 as the Reserve Bank of India has told e-commerce companies that they will not be allowed to save card information on their websites from that date.

Users not wishing to enter their details each time they do a transaction will have to give consent to e-commerce companies and other online platforms to “tokenise”.

Under tokenisation, card details are replaced by a code or token, generated by an algorithm, which does not expose card details. The RBI has ordered all companies in India to delete saved credit and debit card data from their systems from January 1, 2022. Users who don’t opt for tokenisation will need to manually punch in card details each time they carry out an online purchase. Once the e-commerce platform receives the encrypted details or token, customers can save that card for future transactions.

The RBI’s directive will also apply to companies such as Amazon, Flipkart, Zomato and Swiggy etc.

Move to improve data security

• Users not wishing to enter their details each time they do a transaction will have to give consent to e-commerce companies and other online platforms to “tokenise”
• Under tokenisation, card details are replaced by a code or token, generated by an algorithm, which does not expose card details