RBI’s New Guidelines: Augmenting Card Issuance Efficacy and Cybersecurity

RBI’s-Master-Directions-for-Credit-and-Debit-Card-Issuance

RBI is all set to bring revolutionary amendments across all scheduled banks and NBFCs with its new guidelines regarding  credit and debit cards. Aiming to streamline the unbridled issuance process and other related nuances, the deal turns out to be a blessing in disguise, protecting against cyber thefts and card frauds.

The introduction of cashless transactions has resulted in a surge in credit and debit card usage. The major cause of this uplift is the increased acceptance of card-based transactions across various domains. People are refraining from carrying cash in the hope that their card will be accepted as a form of payment wherever they go. Speed and convenience are also its two other additional advantages. 

However, there are numerous pitfalls too. With the rising usage of credit and debit cards, their issuance processes in both scheduled banks and NBFCs need some hardcore streamlining. At the same time, identity theft and card fraud has also surged and become a major concern for cyber security professionals. Phishers and fraudsters rampantly steal card information and use it to make huge purchases as well as quickly drain your account.

Considering all these stumbling blocks in the path to cashless banking, on April 21, the Reserve Bank of India (RBI) issued master instructions for the issuance of credit and debit cards. It also set guidelines for various merchants offering online payment gateways, catering secured transactions. These revised guidelines are to come into effect from July 1, 2022.

In this article, let’s take a look at what will change with the updated guidelines and how these master directions will bring a more secure version of online payments for consumers nationwide.

RBI’s New Tokenisation System to Curb Phishing and Forgery

Apart from debit and credit card regulations, the Reserve Bank of India will also introduce tokenisation applicable for any online transaction from July 1, 2022. Previously, this was slated for January 1, this year, but was later pushed back by six months.  

Tokenisation is the process of safeguarding any user’s card details with an encrypted token code during any online transaction. Merchants are mandated to provide a tokenisation option to mask the latter’s card details. No entity will be permitted to store the actual card data and the previously stored information is also directed to be purged by June 30, 2022.

Tokenisation: A Shield Against Cyber Crimes

Majority of financial transactions are now conducted online wherein users are asked for their card details, including its expiration date and CVV number. This data is stored on the merchant’s website with the cardholder’s authorisation, for future use. Phishers and forgers take this opportunity to exploit keystroke tracking via malicious malwares to gain access to a user’s debit or credit card information.

But, with the inception of tokens, only legitimate merchants will be permitted to send payment links, which will display the card token. Tokenisation will, thus, prevent users from disclosing card details on any merchant’s website, acting as a deterrent to cybercrime.

A robust step towards online security, it will help secure customer data even if a merchant’s website is hacked. Users will also be issued multiple tokens in case they want to shop from various portals or use more than one card in a single portal.

RBI’s New Rule for the Issuance of Cards and its Necessity

To satisfy financial obligations, everyone wishes to have a credit card. Customers also frequently seek credit limit upgrades for enhanced usage. To meet the rising demand, card issuers have begun to provide a wider range of credit and debit products. Because of the abundance of options, unfettered upgrades and higher card limits, the RBI decided to regulate the entire process. That’s where the new guidelines come in.

Banks and NBFCs must comply with the new requirements from the day it will be implemented. The issuing agencies will be liable to honour the card closure request within 7 days. If the issuer fails to do so, they  will be charged a penalty of INR 500 each day until the card is terminated.

see also@ UPI Now Available for Feature Phones – Latest RBI News

Master Directions for Debit Card Issuance

Here are the guidelines set by RBI for debit card issuance.

  • With the consent of their boards, banks must develop a comprehensive policy for giving out debit cards to customers and abide by it. However, they are not mandated to get approval from the RBI for issuing the same.
  • Only customers with savings and current accounts will be eligible to enjoy the benefits of debit cards.
  • Card issuers should not coerce customers to use debit cards and should not tie the issuance of a debit card to the use of any other banking product or service.
  • A co-branded debit/credit card must clearly state that it was issued as part of a co-branding agreement. They should not promote their partner or sell the co-branded cards as their own.
  • The card issuer’s name must be prominently displayed in all marketing and advertising materials.
  • NBFCs interested in participating in a co-branding agreement for credit card issuance will be subject to the RBI guidelines.
  • While providing debit/credit card facilities, banks should offer customers the alternatives to block or disable SMS, IVR or mobile banking notifications if the latter so wishes.
  • Scheduled Commercial Banks (apart from RRBs) may issue other form factors contrary to a plastic debit card, like wearables, only after obtaining explicit consent from the customer.
  • Debit cards will not be issued to cash credit account holders by any bank. It will anyhow not prevent banks from using a debit card to link the overdraft facility granted with Pradhan Mantri Jan Dhan Yojana accounts.

RBI’s New Guidelines for Credit Card Issuers

Given below are the stringent RBI guidelines for scheduled banks and NBFCs issuing credit cards to their customers.

  • The issuance and upgradation of unsolicited cards is completely prohibited. The issuing authority will be liable to withdraw the facility if: 
    • a credit card provider increases the limit of an existing card 
    • reactivates an unsolicited credit card without the authorisation of the customer, or 
    • bills the customer for the same. 

As per the RBI’s new card standards, the issuer will be bound to pay a penalty equal to twice the reversed amount.

  • The affected consumer has the authority to approach the Reserve Bank India’s Ombudsman for the purpose of grievance redressal.
  • Card issuers should exercise caution when granting credit cards as well as independently analyse credit risk when issuing cards to individuals. The issuers need to take the applicant’s independent financial resources into consideration. Companies should also make sure that their own debt collection department or any third-party debt collection firm does not intimidate or harass clients.
  • Written consent is mandatory before any card issuance. If obtaining written consent is not possible, issuers may obtain consent by digital methods but must notify the RBI.
  • When providing credit cards for free, there can be no hidden fees.
  • Any sort of amendments in the credit card charges can be implemented only after following a one-month notice period. As per the new guidelines of RBI, if a cardholder wishes to relinquish their card due to changes in costs that are to their disadvantage, they may do so without paying additional fees. The rule is conditional on the cardholder paying all dues.
  • Card issuers must include a single-page Key Fact Statement, together with the card application. This application should include information correlated with the card, including the interest rate and the amount of charges. In the event that a credit card application is denied, the card issuer must notify the applicant, in writing, of the particular reason(s) for the denial.
  • Commercial banks having a net worth of more than INR 100 crore can operate credit card businesses on their own or in collaboration with other card-issuing banks or NBFCs.
  • Credit cards can be issued by regional rural banks (RRBs) in partnership with their sponsor bank as well as other banks.
  • Without any prior approval from the RBI, non-banking financial companies may not engage in credit card activity.
  • NBFCs are not allowed to issue physical or virtual debit, credit, charge cards or any similar products without first receiving Reserve Bank authorisation.
  • Card issuers must guarantee that credit card loans follow the Reserve Bank’s guidelines associated with loans and advances, updated on a regular basis.
  • Banks and NBFCs must ensure the credit limit sanctioned to the cardholder does not exceed without the latter’s informed consent.
  • Credit cards and charge cards must be provided to consumers for their personal usage along with add-on cards if necessary.

In its circular, the RBI also requested that card issuers establish a grievance redressal system and publicise it broadly. Banks and NBFCs must also guarantee that their customer care executives are appropriately trained to competently manage and escalate a complaint.

Additionally, they are bound to reimburse the complainant for the consumer’s lost time, expenses and mental anguish.

If a complainant does not receive a satisfactory communication from the card-issuing party within one month of lodging the complaint, the consumer will have the option of approaching the concerned RBI Ombudsman for the purpose of grievance redressal.

see also@ Importance of Credit Information for a New Borrower

So, What Changes?

Addressing multiple issues faced by consumers, both with banking and online transactions, the new RBI guidelines seem like a knight in shining armour. Apart from deterring coercive product sales and unnotified changes in debit/cards, it also ensures online transaction security via tokenisation. Streamlining the overall card issuance process, it will even enable banks, NBFCs and merchants to augment the efficacy of their services.

Chitra Chaudhary A stellar writer with over 3 years of experience, Chitra loves to delve deep into all the nitty-gritty of finance, government and other technical topics people usually dread to attempt. With a masters in Computer Science, Chitra alchemises her analytical and creative prowess to manifest some of the most awesome articles for Square Yards.
  • Super Quick & Easy
  • Stamped & E-Signed
  • Delivered Directly in Mailbox
Rent-Agreement

Exploring Options for Buying or Renting Property

Looking to buy or rent property
Related Category
Contact Our Real Estate Experts