The Reserve Bank of India released guidelines in relation to tokenisation for various card transactions that include debit and credit cards. Tokenisation is the process involving substitution of original card details such as card number, expiry date, CVV etc with an alternate unique code referred as the token. This token shall be unique considering the combination of token requestor, card and identified device, and aims to enhance security and safety of the payment system.
The token thus provided is used in performing card transactions in contactless mode at point of sale (POS) terminals, quick response (QR) code payments.
The central bank has given its go ahead to provide tokenized card transactions services to all channels, including near field communication (NFC), magnetic secure transmission (MST) based contactless transactions, in-app payments, QR code-based payments or token storage. Further the apex banking authority said that card transactions via token shall be enabled only through tablets or mobile phones in the first instance and later based on the experience will be extended to other devices.
The release also added that the process of tokenisation and de-tokenisation will be carried out only by the authorized card network. For the execution of tokenisation and de-tokenisation, the request should be entered by the card network and be available for retrieval. Also, the release said that for availing this service customer will not have to pay any charges.
"Card networks shall get the card issuers/acquirers, their service providers and any other entity involved in payment transaction chain, certified in respect of changes done for processing tokenised card transactions by them," the release said.