Comments
The Reserve Bank of India, on Tuesday, announced enhancements to the current framework on card-tokenisation services.
The device-based tokenisation framework advised through circulars of January 2019 and August 2021 has been extended to Card-on-File Tokenisation (CoFT) services as well.
Further, card issuers have been permitted to offer card tokenisation services as Token Service Providers (TSPs), said the RBI.
“The tokenisation of card data shall be done with explicit customer consent requiring Additional Factor of Authentication (AFA),” it added.
Review undertaken
The enhancements have been done based on a review of the tokenisation framework and to enable cardholders benefit from the security of tokenised card transactions and also the convenience of card on file or customer card credentials, said the RBI.
The facility of tokenisation will be offered by TSPs only for the cards issued by or affiliated to them. Further, the ability to tokenise and de-tokenise card data, will be with the same TSP.
“The above enhancements are expected to reinforce the safety and security of card data while continuing the convenience in card transactions,” the RBI further said.
It also said that the introduction of CoFT, while improving customer data security, will offer customers the same degree of convenience as now.
Contrary to some concerns, there will be no requirement to input card details for every transaction under the tokenisation arrangement, it further said, adding that efforts of the RBI to deepen digital payments in India and make such payments safe and efficient shall continue.
The RBI had, in March 2020, stipulated that authorised payment aggregators and the merchants onboarded by them should not store actual card data. This would minimise vulnerable points in the system. On request from the industry, the deadline was extended to December-end as a one-time measure.
The RBI has been in regular consultation with the industry to facilitate the transition, it said. The central bank had,on August 25, also extended the scope of tokenisation to laptops, desktops, wearables (wrist watches, bands, etc), Internet of Things (IoT) devices from the initial mobile phones and tablets.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.