RBI permits card-tokenisation services in a bid to make card transactions safer
The Reserve Bank of India has permitted authorised card networks to offer card tokenisation services to any token requestor in a bid to make card transactions more safe, secure and convenient for the users. In a notification issued yesterday, RBI said that it has provided the facility to interested cardholders only for their mobile phones and tablets.
The central bank noticed that there has been an uptake in the volume of tokenised card transactions during the recent months and on a review of the framework and keeping in view stakeholders feedback, RBI decided to extend the scope of tokenisation to include consumer devices – laptops, desktops, wearables (wristwatches, bands, etc.) and Internet of Things (IoT) devices.
All other provisions of the circular referred to above shall continue to be applicable. This initiative is expected to make card transactions more safe, secure and convenient for the users.
Earlier in January 2019, the Reserve Bank of India in its efforts to improve the safety and security of card transactions permitted card networks for tokenisation in card transactions for a specific use case. Tokenisation involves a process in which a unique token masks sensitive card detail. Thereafter, in lieu of actual card details, this token is used to perform card transactions in contactless mode at Point of Sale (POS) terminals, Quick Response (QR) code payments, etc.
These guidelines permitted authorised card payment networks to offer card tokenisation services to any token requestor (third party app provider), subject to conditions enumerated in these guidelines. A cardholder may avail of these services by registering the card on the token requestor's app after giving explicit consent. No charges shall be recovered from the customer for availing of this service.
All extant instructions of Reserve Bank on safety and security of card transactions, including a mandate for Additional Factor of Authentication (AFA)/PIN entry, shall be applicable for tokenised card transactions also.