RBI's new guidelines on data protection and card transactions

In September 2021, The Reserve Bank of India (RBI) announced some new rules related to card tokenization and rules for storing credit card numbers.


The RBI guidelines on data protection have been introduced to reduce fraud and hacks which directly increases digital payment security countrywide. The RBI guidelines on data protection will be effective from January 2022 onwards for all businesses and authorized merchants. 


Card tokenization is a technology that is used as an alternative to the actual card details of the cardholder, which are recorded and stored by businesses and card merchants. The actual card numbers are replaced by a distinct code or token. During an online purchase, a customer uses their card either debit or credit


However, the transaction is only complete when the card number, the expiry date, the CVV number, and PIN for the transaction are all filled in precisely. Token payment system is simply the substitution of an actual card’s details with another unique token number which is different for every card, identified device, and token requestor.

Learn more

RBI's new guidelines on data protection of credit and debit cards

RBI debit card guidelines were given in March 2020 saying that traders won't be permitted to save card data on their sites to help information security. It gave new rules in September 2021 giving organizations until the year's end to agree with the guidelines and offering them the choice to tokenize. Card tokenization is a cycle by which card subtleties are supplanted by a special code or token, produced by a calculation, permitting online buys to go through without uncovering card subtleties, in a bid to further develop card data security.


The credit card rules by RBI have requested all organizations in India to cleanse saved credit and check card information from their frameworks from Jan. 1, 2022. The enhancements are supposed to build the well-being and security of card information while keeping up with digital payment security. Many organizations taking part in the card installment exchange chain keep genuine card subtleties also known as Card-on-File, referring to the accommodation and solace highlights for clients while managing card data security on the web.


RBI added that a few dealers even propel their purchasers to keep their Visa data on record. At the point when such data is imparted to an enormous number of organizations, the opportunity of card information being taken increments. In the new past, there have been circumstances where shippers' card information has been hacked and delivered. Any CoF information revelation can have genuine outcomes.


Stolen card information can likewise be utilized to execute scams inside India through friendly designing procedures. Save Bank had, in this manner, specified in March 2020 that approved installment aggregators and the dealers boarded by them should consider card data security. This would limit weak focuses in the framework. On a solicitation from the business, the cutoff time was reached out to end-December 2021 as a one-time measure.RBI guidelines on data protection have been in standard touch with the business to work with the progress.


It might very well be noticed that the presentation of CoFT while further developing client information security, will offer clients a similar level of comfort as now. Under the card tokenization plot, there would be compelling reasons needed to enter card data for every exchange.


Related page: How can virtual cards facilitate recurring payments in India?

New RBI's guidelines impact on merchants

Under the new credit card rules by RBI, just card issuers and card organizations will actually want to store the card subtleties of clients. Each one of the merchants and payment banks will presently need to eliminate these subtleties from the framework, which the reserve bank said have been thought twice about on a few occasions.


Starting January 1 2022, the merchants should switch over to a better approach for exchange, called card tokenization. It guarantees that exchange can happen without unveiling the cardholder's record data to either the dealer or any of the delegates. Presently, the banks, merchants, and different partners are attempting to beat the clock to consent to RBI guidelines on data protection.

expense tracking

How will RBI's new guidelines protect you from card data fraud?

The RBI guidelines on data protection stretched out the extent of card tokenization to acquire buyer gadgets like PCs, workstations, IoT gadgets, and smart wearables. Accessible for smartphones and tablets of cardholders inspired by the help till now, RBI chose to grow the extension in the wake of seeing a "take-up in the volume of tokenized card exchanges" as of late. With the augmentation of the standard, approved card organizations can now offer card tokenization administrations to any cardholder that solicits for it, under credit card rules by RBI.


The progression was taken by the zenith bank after an audit of the system and input from keeping in view partners. Tokenization makes card exchanges advantageous for the clients as well as guarantees security and wellbeing by giving the greatest assurance against burglary or extortion. While making a Visa installment at a POS machine or internet business stage, a 16-digit irregular 'token' will supplant the real number of the card. By and large, viewed as a more secure bet, card tokenization eliminates the need to share genuine subtleties of an acknowledge or charge card for a shipper for an exchange.


Token Service Providers (TSPs) can offer assistance solely after the unequivocal substance of the client. This will require an Additional Factor of Authentication (AFA). Card tokenization will relieve the gamble of customer data spilling from a shipper's data set. Traders not putting away genuine card information of clients while onboarding them will limit weaknesses in the exchange interaction.


The interaction will be advantageous for clients as they won't have to recollect every one of the subtleties of their credit or charge card. Card tokenization likewise offers accommodation on account of repeating installments. In the event of extortion or burglary, a programmer won't be quickly ready to infer the data of a client from a token as figuring out a token to the real subtleties of the card would be extreme.

Related reads

How do RBI guidelines affect subscription payments?

According to new statement, debit and credit card users can no longer save their card details on merchants’ online platforms.

Reasons behind RBI's move to link credit card to UPI

Get a complete idea on the rationale behind RBIs move to link credit card to UPI and what is in store for the future.

RBI auto debit rules: How to manage your B2B payments?

Get a complete idea about recent RBI guidelines for auto debits on online payments and how it will affect subscription payments.

Get Volopay for your business

Get started now
Get started now