The Reserve Bank of India has allowed tokenization of debit, credit and prepaid card transactions to enhance the safety of the digital payments ecosystem in the country. By this means the regulator will allow the card details to be masked while a transaction is processed at point of sales, QR codes and other payment modes.
This move could be extremely beneficial for mobile wallets, apps which allow cards to be stored for future transactions and also enhance the safety angle for contactless payments.
The regulator has clearly said that additional factor authentication will still be applicable for tokenized card transactions. However the RBI has opened up this mode of transaction only for mobile phone or tablets and not for any other electronic devices.
“Tokenisation and de-tokenisation shall be performed only by the authorised card network and recovery of original Primary Account Number (PAN) should be feasible for the authorised card network only. Adequate safeguards shall be put in place to ensure that PAN cannot be found out from the token and vice versa, by anyone except the card network,” read the RBI guidelines which cleared out that the card networks will remain responsible for security of such services.
The RBI has also given the customer options to register or deregister for these services and will be able to set limits of transactions, number of transactions among other facilities.
“AFA validation during card registration, as well as, for authenticating any transaction, shall be as per extant Reserve Bank instructions for authentication of card transaction,” said the RBI. This means that besides doing a second factor authentication during registration of the card, the network will also have to do an additional factor of authentication during the transaction.
For this, the Authorised Card Network Will have to Furnish a Return by 10th of Every Month. Download the Circular Below