The Reserve Bank of India (RBI) has made it mandatory for all credit and debit card data used in online, point-of-sale, and in-app transactions to be replaced with unique tokens by September 30 this year. The deadline was extended by three months starting July.
Here is all you need to know about the new rules for debit, credit card holders which will come into effect from October:
What is card tokenisation?
As per the RBI, tokenisation refers to the replacement of actual card details with an alternate code called the “token”.
What is the benefit of tokenisation?
A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during the processing of the transaction.
How can the tokenisation be carried?
The cardholder can get the card tokenised by initiating a request on the app provided by the token requestor. The token requestor will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device.
What are the charges that the customer need to pay for availing this service?
The customer need not pay any charges for availing this service.
Who can perform tokenisation?
Tokenisation can be performed only by the authorised card network and the list of authorised entities is available on the RBI website.
What are the charges that the customer needs to pay for availing of this service?
The customer need not pay any charges for availing of this service.
What are the use cases (instances/scenarios) for which tokenisation has been allowed?
Tokenisation has been allowed through mobile phones and/or tablets for all use cases/channels (e.g., contactless card transactions, payments through QR codes, apps etc.)
Is tokenisation of a card mandatory for a customer?
No, a customer can choose whether or not to let his / her card tokenised. Those who do not wish to create a token can continue to transact as before by entering card details manually at the time of undertaking the transaction.
Are the customer card details safe after tokenisation?
Actual card data, token and other relevant details are stored in a secure mode by the authorised card networks. Token requestor cannot store Primary Account Number (PAN), i.e., card number, or any other card detail. Card networks are also mandated to get the token requestor certified for safety and security that conform to international best practices / globally accepted standards.
How does the process of registration for a tokenisation request work?
The registration for a tokenisation request is done only with explicit customer consent through Additional Factor of Authentication (AFA), and not by way of a forced / default / automatic selection of check box, radio button, etc. Customer will also be given choice of selecting the use case and setting-up of limits.
Is there any limit on the number of cards that a customer can request for tokenisation?
A customer can request for tokenisation of any number of cards. For performing a transaction, the customer shall be free to use any of the cards registered with the token requestor app.
Whom shall the customer contact in case of any issues with his / her tokenised card? Where and how can he / she report loss of device?
All complaints should be made to the card issuers. Card issuers shall ensure easy access to customers for reporting loss of “identified device” or any other such event which may expose tokens to unauthorised usage.
Can a card issuer refuse tokenisation of a particular card?
Ans. Based on risk perception, etc., card issuers may decide whether to allow cards issued by them to be registered by a token requestor.
Download The Mint News App to get Daily Market Updates.
More
Less
