RBI Releases Guidelines On Tokenisation For Card Transactions

RBI Releases Guidelines On Tokenisation For Card Transactions

SUMMARY

Tokenisation involves a process in which a unique token masks sensitive card details

This measure helps in avoiding the misuse of card details or network hacking

There will be no additional charges for the service to be levied by the consumer

Taking another step towards enhancing the safety and security of payment systems in the country, the Reserve Bank of India (RBI) has released guidelines on tokenisation for debit, credit, and prepaid card transactions.

Tokenisation involves a process in which a unique token masks sensitive card details. Thereafter, in lieu of actual card details, this token is used to perform card transactions in contactless mode at:

  • Point of sale (POS) terminals
  • Quick Response(QR) code payments
  • Near Field Communication (NFC)/Magnetic Secure Transmission (MST)-based contactless transactions
  • In-app payments, or
  • Token storage mechanisms (cloud, secure element, trusted execution environment, etc)

 

(Image Credit: Wikipedia)

 

This directive has been issued under Section 10 (2) read with Section 18 of Payment and Settlement Systems Act, 2007 (Act 51 of 2007). It’s a global practice and complies with guidelines such as the Payment Card Industry Data Security Standard (PCI DSS), an international organisation. It will also help avoid the misuse of card details or network hacking.

Tokenisation Benefits

Authorised card payment networks can now offer card tokenisation services to any token requestor (third-party app provider), subject to conditions enumerated in these guidelines with a mandate for an additional factor of authentication (AFA)/ PIN entry.

“A cardholder may avail of these services by registering the card on the token requestor’s app after giving explicit consent. No charges shall be recovered from the customer for availing this service. Also, the ultimate responsibility for the card tokenisation services rendered rests with the authorised card networks,” the RBI said in an official statement.

For now, this facility will be offered through mobile phones/tablets only. Its extension to other devices will be examined later, based on the experience gained.

Visa’s Group Country Manager, India and South Asia TR Ramachandran said, “Tokenisation is the foundational aspect of taking payment security and safety to the next level by devaluing data and replacing payment credentials with tokens. We welcome this significant step by the RBI to encourage safe and secure digital payments for the country.  World over, tokenisation has evolved into enabling payments through connected devices and risk-based authentication. We are confident of India soon embarking in this direction to truly propel digital payments for the masses.”

Additional Security Measures Taken

As stated by the RBI, before providing card tokenisation services, authorised card payment networks must put an audit mechanism in place to keep a check on the overall tokenisation process at frequent intervals.

“This system audit shall be undertaken by empanelled auditors of Indian Computer Emergency Response Team (CERT-In) and all related instructions of Reserve Bank in respect of system audits shall also be adhered to. A copy of this audit report shall be furnished to the Reserve Bank,” added the RBI.

Earlier, in October 2015, reports had surfaced that the US-based Nuspay International (Nuspay) and E-billing Solutions (EBS) had entered into an agreement that would enable Indian customers to make secure purchases from more than 6,000 online merchants via the patent-pending Nuspay Virtual Account tokenised payment solution.

The RBI, on January 8, 2019, also released an official statement regarding the appointment of Nandan Nilekani, the former chairman of the Unique Identification Authority of India (UIDAI), as head of the newly formed five-member committee named the High-Level Committee for Deepening of Digital Payments. The committee will submit its report within a period of 90 days from the date of its first meeting.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

RBI Releases Guidelines On Tokenisation For Card Transactions-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

RBI Releases Guidelines On Tokenisation For Card Transactions-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

RBI Releases Guidelines On Tokenisation For Card Transactions-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

RBI Releases Guidelines On Tokenisation For Card Transactions-Inc42 Media
RBI Releases Guidelines On Tokenisation For Card Transactions-Inc42 Media
You’re in Good company