New credit and debit card rules take effect January 1: What does this mean to you?


The way people use their credit and debit cards will change from January 1, 2022. To secure online payments, the Reserve Bank of India (RBI) had asked all merchants and payment gateways to delete the data sensitive customers available on their side.

RBI’s new rule, which goes into effect on January 1, requires all traders to use crypto tokens to complete transactions. Simply put, customers will either need to enter their full credit / debit card details each time to complete a transaction online, or have the option of opting for tokenization.

As the due date approaches, many banks have already started notifying customers about the change in online debit / credit card payment rules. For example, HDFC Bank sent a message to its customers about the new rule.

Read | January 1 alert: New RBI guidelines mean online payments will lead to some chaos in the new year

“Effective January 1, 22!” Your HDFC bank card details saved on the merchant website / app will be deleted by merchants in accordance with the RBI Mandate for Stronger Card Security. To pay every time, enter full card details or opt for tokenization, ”HDFC Bank said in its message to customers.


The rule that goes into effect on January 1 is not really new and was announced by the central bank in March 2020. The RBI rule stated that merchants would not be allowed to record users’ card information on their cards. Web sites. The rule was to make payments safe and secure.

However, most banks weren’t ready at the time, prompting the RBI to issue guidelines in september this year. “As of January 1, 2022, no entity in the card transaction / payment chain, other than card issuers and / or card networks, will keep the actual card data. All of this previously stored data will be purged, ”RBI said.

It gave merchants and payment gateways time until the end of the year to comply with regulations. The RBI has also offered traders and businesses the ability to tokenize transactions.


Online debit / credit card transactions involve information such as 16-digit card number, card expiration date, CVV, and an OTP or transaction PIN. These details must be accurately submitted to merchants or businesses for online card transactions to be successful.

However, the RBI’s mandate made it clear that merchants and businesses will need to remove this information from their database and replace it with a tokenization, which will replace the card details with a unique alternate code called a token. The token will be unique for each combination of cards.

A card user can obtain the tokenized card from a merchant or service provider by initiating a request on the application provided by the token requester. According to RBI, the tokenization process will help secure online card transactions, as merchants will not know the actual details of a customer’s debit and credit card.


For any online card transaction from January 1, 2022, a cardholder will need to give consent to a particular merchant or business via additional factor authentication for tokenization. After that, the merchant will send a tokenization request to the card network.

The card network will then create a token, which will replace or replace the 16-digit card number, and send it back to the merchant. This token will be kept by the merchant for future online card transactions.

After tokenization, a person will need to enter CVV and OTP as before for transaction approval. It can be noted that the tokenization process needs to be done separately for different traders. For example, individuals will have a different token for Zomato and Netflix transactions.

Simply put, tokenization is a process in which a user’s card details will be recorded by a merchant in an encrypted manner. The RBI said it will not only reduce the risk of fraud, but also make transactions more convenient for users after the initial period.

The central bank has also made it clear that there is no need to memorize 16-digit card numbers because users will not be required to enter them for every transaction under the tokenization rule.

“Contrary to some concerns expressed in some sections of the media, it would not be necessary to enter card details for every transaction as part of the tokenization deal,” RBI said in an earlier statement.


About Author

Comments are closed.