Making payment over the internet has become the new normal. However, it has also increased fraudulent activities, leading to siphoning off data from the website given access to store these financial details. Pradeep Agarwal explains the latest decision by the Reserve Bank of India (RBI) to disallow the merchants from saving this information.
He states, “The measure has been taken to make payments more secure and to improve the security of cards used for digital settlements. Therefore, it has come up as a mandate by RBI that all online merchants erase sensitive data of customers saved on their end. The step came into effective on 1 January 2022.”
The news broke out as early as March 2021, when RBI issued new guidelines in lieu of the data security for customers. However, after a series of debate, the regulatory body issued a fresh notice in September and called on all the firms in India to let go off the personal customer information. The applied method implies that for each transaction to be made using credit/debit card, the details have to be entered every time. Arguably, the process is lengthy and many have raised a waiver of doubt over how can it affect the overall sales, but the government has remained fixated on the rule’s compliance. Besides, it is also notified to all vendors that they now preserve an option to tokenise online transactions.
Pradeep Agarwal, who agrees with the governments ruling, states, “When the debit/credit card is used to make a transaction, its completion depends on information including 16-digit card number, the CVV, and the expiry date of card, alongside one time password or OTP, as known by its global shorthand. Therefore, for the process to begin and settle as a successful transaction, each detail should be entered correctly.”
He adds, “With tokenisation, the actual card detail entered is replaced by a unique code called token. This number is generated every time a transaction is made. This leads to customer’s card details being safe, while merchants are totally unaware of the information shared.”
After the first payment is recorded with any merchant, customers also have to give their consent using the additional factor of authentication (AFA). Post which, they can continue with the payment by typing in their card’s CVV and OTP.
Pradeep Agarwal informs, “As per the data given by statista in October last year for 2020, fraud offences related to online banking in India accounted for more than 4,000. The number is staggering given how vastly has the government – using different sources such as radio, TV, posters, newspapers, and magazines – promoted that people must never share their OTP, CVV or any other personal bank details.”
Evidently enough, even while the new steps make the process to checkout for the customers a little lengthy, they only ensure that such fraudulent activities do not remain part of the process, which is important to the overall growth of the Indian economy.