New Delhi: To ensure the security of credit, debit card data, the Reserve Bank of India (RBI) has widened the scope of tokenization and allowed card issuers to act as Token Service Providers (TSPs). The central bank is now all set to implement its card-on-file tokenization norms from October 1.
What is Tokenization of Card Transactions?
Under token services, a unique alternate code is generated for the convenience transaction through card, Card-on-File refers to the card information stored by payment gateways and merchants for processing future transactions.
The Reserve Bank of India had extended its scope a few months back. ‘Tokenization’ card payment services For many consumer devices including laptops, desktops, wristwatches, bands and wearable devices such as Internet of Things (IoT) in addition to mobile phones and tablets.
The device-based tokenization framework has also been extended to card-on-file tokenization (COFT) services, as advised through the January 2019 and August 2021 circulars, and to card issuers as Token Service Providers (TSPs). Permission has been given to offer card tokenization services. ) Tokenization of card data will be done with explicit customer consent, which requires Additional Factor of Authentication (AFA),” RBI had said in a statement.
It said the decision will strengthen the security and security of card data while continuing to facilitate card transactions.
The RBI said that many entities involved in the card payment transaction chain store the actual card details, citing the convenience and comfort factor for users while making online card transactions.
Some merchants force their customers to store card details.
The availability of such details with a large number of merchants substantially increases the risk of card data theft. In recent times, there have been incidents where card data stored by some merchants has been compromised/leaked.
Any leakage of COF data could have dire consequences as many jurisdictions do not require AFA for card transactions, RBI said, adding that stolen card data can be used to eliminate frauds within India through social engineering techniques. can also be done.
Tokenization of card data, however, will be done with the AFA requirement with explicit customer consent, it added. RBI said that COFT will provide the same facility to the customers while improving customer data security.