 "RBI enhances scope for card-tokenisation services to improve security")
The Reserve Bank of India (RBI) on Tuesday enhanced the guidelines on card tokenisation services to improve the safety and security of the payment system.
In a release, RBI said the device-based tokenisation framework advised vide circulars of January 2019 and August 2021 has been extended to Card-on-Fite Tokenisation (CoFT) services as well.
Further, the card issuers have been permitted to offer card tokenisation services as Token Service Providers (TSPs).
"The tokenisation of card data shall be done with explicit customer consent requiring Additional Factor of Authentication (AFA)," RBI said.
The release said that the above enhancements are expected to reinforce the safety and security of card data while continuing the convenience in card transactions.
RBI said that citing the convenience and comfort factor for users while undertaking card transactions online, many entities involved in the card payment transaction chain store actual card details [also known as Cand-on-File (CoF)].
"In fact, some merchants force their customers to store card details. Availability of such details with a large number of merchants substantially increases the risk of card data being stolen. In the recent past, there were incidents where card data stored by some merchants have been compromised/leaked. Any leakage of CoF data can have serious repercussions because many jurisdictions do not require an AFA for card transactions. Stolen card data can also be used to perpetrate frauds within India through social engineering techniques," said the release.
Reserve Bank had, therefore, stipulated in March 2020 that authorised payment aggregators and the merchants onboarded by them should not store actual card data.
"This would minimise vulnerable points In the system. On a request from the industry, the deadline was extended to end-December 2021, as a one-time measure. RBI has been in regular consultation with the industry to facilitate the transition," informed the release.
RBI noted that the introduction of CoFT, while improving customer data security, will offer customers the same degree of convenience as now.
"Contrary to some concerns expressed In certain sections of the media, there would be no requirement to input card details for every transaction under the tokenisation arrangement. The efforts of Reserve Bank to deepen digital payments in India and make such payments safe and efficient shall continue," added the release.
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app