Customers cannot be charged for availing tokenisation service: RBI

Allows card payment networks to offer the facility to third-party app providers

January 08, 2019 10:51 pm | Updated 10:51 pm IST - Mumbai

The Reserve Bank of India (RBI) has allowed all card payment networks to offer tokenisation service. However, the central bank has made it clear that no charges should be recovered from the customer for availing this service.

Tokenisation involves a process in which a unique token masks sensitive card details. The token is then used to perform card transactions in contact-less mode at Point Of Sale (POS) terminals, Quick Response (QR) code payments, etc.

The RBI has allowed card payment networks to offer card tokenisation services to any token requestor, that is, a third-party app provider. A card holder can avail of these services by registering the card on the token requestor’s app and after giving ‘explicit consent’.

“All extant instructions of Reserve Bank on safety and security of card transactions, including the mandate for additional factor of authentication (AFA) / PIN entry shall be applicable for tokenised card transactions also,” the RBI said in a release.

“This permission extends to all use cases/channels [e.g., Near-Field Communication (NFC) / Magnetic Secure Transmission (MST)-based contact-less transactions, in-app payments, QR code-based payments etc.] or token storage mechanisms (cloud, secure element, trusted execution environment etc.). For the present, this facility shall be offered through mobile phones/tablets only. Its extension to other devices will be examined later based on the experience gained,” the RBI said.

For additional factor of authentication, PIN entry shall be applicable for tokenised card transactions also.

Safety measures

“Adequate safeguards shall be put in place to ensure that PAN cannot be found out from the token and vice versa by anyone except the card network,” the RBI said.

“Moreover, actual card data, token and other relevant details shall be stored in a secure mode and the token requestors are not allowed to store PAN or any other card detail,” the release added. The ultimate responsibility for the card tokenisation services rendered rests with the authorised card networks, the RBI said.
