RBI wants you to fill the entire card details for every online payment

[Tejas01]

Can anyone tell in brief what is the rationale for this tokenisation by RBI?

 

[Sushubh]

not sure if it was announced after mobikwik breach.

 

[proton8454]

Can anyone tell in brief what is the rationale for this tokenisation by RBI?

your card details are hashed and stored with the merchant

 

[Tejas01]

Edit- so your reply and Sushubh's reply partly helped understand that it has something to do with ensuring safety of customers card detail. So why ecommerce stand to loose?

 

[mhsabir]

Well the argument seems to be that smaller players had no time (or money to spend?) to implement it. So overall drop in sales.

 

[mikrotik]

They anyways did not had resources to implement proper safety as per PCIDSS standards. They must already be using some payment gateway and all of them are compatible with tokenisation.

 

---

[Smh]

What happens to stored details do they become useless? And transction would be declined without token or something. How can they differentiate if I am manually entering card details or its presaved by merchant?

Shit companies like mobikwik will never completely delete their data backups. Hopefully next time there will be a breach they can be penalized for illegally storing data.

 

[mikrotik]

No they won't become useless and any rogue website can keep using it. Even the international ones will show middle finger to RBI. Whichever website used to store your card, they already had your card number and expiry and would ask you to just put the CVV. They then transmit that card to the PG for transaction processing and same will continue to happen.

 

[Smh]

So only if some domestic company gets caught with stored data they will be in trouble.

 

[mikrotik]

Correct.