The Reserve Bank of India (RBI) declared one-click purchases on merchant sites impossible on January 1 after refusing to extend the deadline for card tokenization beyond the agreed-upon date of January 1, 2022.
In online transactions, tokenization is used to substitute the actual card details entered with random digits. This protects the consumer by prohibiting the disclosure of sensitive card information. The RBI has now expanded the tokenization mandate to all Internet-connected devices, including mobile phones, tablets, laptops, desktops, wearables (wristwatches, bands, etc.), Internet of Things (IoT) devices, payment aggregators, and businesses onboarded by them.
In other words, card information will not be saved anywhere, and every time a consumer does an online purchase, they will have to enter the 16 digits and all other details again, resulting in a stream of random numbers reaching the merchant that are unrelated to the numbers entered. Payment aggregators will take a downward turn of this, as they lobbied to keep card details on their servers or on the merchant sites they service. After this mandate, one-click purchases will no longer be possible.
Entities can, however, record the last four digits of the actual card number and the card issuer’s name for transaction tracking or reconciliation purposes – “in compliance with the applicable standards.”