Search
As per RBI mandate, starting from 1st October, 2022 clear card number, CVV, card expiry date and any other sensitive information related to cards cannot be stored by merchants for processing online transactions and card number will be replaced by a Token to be generated online through algorithm process. The entire process is called Tokenisation. We are listing below the FAQs for the benefit of understanding of our Bank customers.
The following are the FAQs for the benefit and awareness of our Bank’s customers.
Answer: Tokenisation refers to replacement of actual or clear card number with an alternate code called the “Token”. This shall be unique for a combination of card, token requestor (i.e., the entity which accepts request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token) and the merchant (token requestor and merchant may or may not be the same entity).
Answer: Once created, the tokenised card details will be used in place of an actual card number for future online purchases initiated or instructed by the card holder.
Answer: A tokenised card transaction is considered safer as the actual card details are not shared / stored with the merchants to perform the transaction.
Answer:
Answer: Yes. Starting 1st, October 2022, both Debit and Credit cards have to be Tokenised.
Answer: No. Tokenisation is applicable only for Domestic transactions.
Answer: Bank will provide a portal to the card holders to view and manage the tokenised cards. Card holders can view / delete tokens for the respective cards through the portal provided.
Answer: No. Tokenisation is only required for carrying out the online transactions.
Answer: The customer need not pay any charges for availing the service of tokenising the card.
Answer: Tokenisation and de-tokenisation can be performed only by the card issuing Bank or VISA / Mastercard / RuPay, who are referred as authorised card networks.
Answer: Actual card data, token and other relevant details are stored in a secure encrypted mode by the card issuing Bank and / or authorised card networks. Token requestor / merchants cannot store full card number or any other card details.
Answer: No. A customer can choose whether or not to let his / her card tokenised. If not tokenised, starting from 1st October, 2022, the cardholder must enter the full card number, CVV and expiry date of the card every time to complete his/her online transactions.
Answer: The registration for a tokenisation request is done only with explicit customer consent through Additional Factor of Authentication (AFA), and not by way of a forced / default / automatic selection of check box, radio button, etc. Customer will also be given a choice of selecting the use case and setting-up of limits.
Answer: A customer can request for tokenisation of any number of cards to perform a transaction.
Answer: To performing any transaction, the customer shall be free to use any of the cards registered with the token requestor / merchant.
Answer: The customer will be able to see the last 4 digits of the card on the merchant page.
Answer: The customer should again visit the merchant page and create a fresh token.
Answer: Yes. A token must be unique to the card at a specific merchant. If the customer intends to have a card on file at different merchants, then tokens must be created at all the merchants.
Answer: Yes. As mentioned earlier, token must be unique for a combination of card and merchant.
Answer: Based on risk perception etc. card issuers may decide whether to allow cards issued by them to be registered by a token requestor / merchant.
Answer: The expiry date of the tokenized card is linked to the card expiry date.
Product Information/ FAQs will also be made available in our Bank’s website www.unionbankofindia.co.in for the benefit of cardholders of our Bank.
The guidelines on Tokenisation will also be available on RBI Website www.rbi.org.in and may be referred from time to time.
Electronic Display will also be made available in branches of our Bank.