Credit card tokenisation
After tokenisation, you have to key in your card details every time you shop online. But the RBI believes the process will impact everyone positively by reducing the number of disputes and fraud

Are you ready for the new credit and debit card rules from October 1?

The Reserve Bank of India (RBI) will implement a host of changes from October 1, 2022. These changes—including card tokenisation, new debit and credit card rules, demat account KYC rules, and eligibility for investing in Atal Pension Yojana—will impact you as a customer. So, here is all that you need to know.

Card tokenisation

You may have already noticed that your saved credit card details vanished from merchant sites such as Amazon. That is because these sites can no longer store your credit and debit card details, including number, name, expiry date, and code. A token will now replace these details, and the merchant websites will use those tokens for transactions.

The RBI’s card-on-file (CoF) tokenization regulations were about to come into effect from July 1. However, in late June, the RBI extended the card tokenisation deadline by three months, until September 30, 2022. In July, it directed all stakeholders, barring card issuers and networks, to delete all customer data before October 1, 2022.

Also read: RBI’s move to make credit cards UPI-enabled isn’t an unalloyed blessing

So, how will this credit and debit card rule change help you? For one thing, these new rules will ensure the safety of your data. Token-based transactions are considered safer, as you do not share the details with the merchant sites, and they cannot misuse your data. They can save the last four digits of the card number and the card issuer’s name to track transactions. The tokens will be unique and irreversible.

Yes, the process will be a bit inconvenient because you have to key in all your card details every time you shop online. But the RBI believes card tokenisation will impact everyone positively by reducing the number of disputes and fraud. So, it will help consumers, merchants, as well as banks.

So, how will you get a token? After entering your card details for a transaction, click on “securing your card as per RBI guidelines.” The merchant will then request the operating bank to generate a unique token for that transaction. Once it gets the consent, the merchant will send the request to the card network.

You will then get an OTP on your mobile phone or an email from the card issuer, which you must fill in on the bank page. Your token will then be generated. You must mail that token to the merchant. It will save it with your phone number and email id for any technical issues.

The tokenisation feature will be available on mobile phones, tablets, laptops, desktops, wearables (wrist watches, bands, etc.), Internet of Things (IoT) devices, etc.

Also read: Google developing its own physical, virtual debit cards, says report

New credit and debit card rule change

The RBI will also implement a few Master Direction provisions, including the issuing and use of credit and debit cards, on October 1. If you get a new card, you must activate it within 30 days of issuance. If you do not do so, the credit card issuer must obtain a consent based on a One Time Password (OTP). If you reject the request to activate the card, the card issuer must block the credit card account without initiating a charge within seven working days.

Also, card-issuers cannot increase the credit limit without your written consent after October 1.

They must also specify the terms and conditions for payment of credit card balances, including the minimum amount due. The RBI’s master circular says that unpaid levies, taxes, and other fees “shall not be capitalised for the purpose of charging or compounding interest.”

Demat account authentication rule change

Demat account holders must enable a two-factor authentication by September 30, according to a circular issued by the National Stock Exchange (NSE) on June 14.

“Members shall preferably use biometric authentication” as an authentication factor to log on to their demat accounts, the circular says. If biometric authentication is impossible, other factors can include a password or PIN, a one-time password (OTP), a security token, or authenticator apps on smartphones or desktops, the circular states.

Also read: Pulling out of NPS is fiscally imprudent; other states might emulate Rajasthan

Atal Pension Yojana rule change

Income tax payers will not be eligible for this government-backed scheme from October 1. The target is to extend pension benefits to underprivileged demographic groups, according to the finance ministry. “…from 1st October,2022, any citizen who is or has been an income-tax payer, shall not be eligible to join APY,” the Centre directed in a notification dated August 10, 2022.

National Pension Scheme e-nomination rule change

Here is some good news for NPS subscribers. Once a subscriber initiates e-nomination, the nodal office can either reject or accept the request. If the nodal office takes no action within 30 days, the request will get accepted in the CRA system, the Pension Fund Regulatory and Development Authority (PFRDA) has stated. This revision will come into effect from October 1. The rule will also apply to the still unauthorised e-nomination, the PFRDA has clarified.

Read More
Next Story