The Reserve Bank of India (RBI) will begin tokenizing card transactions from July 1, 2022, in order to ensure the security of credit and debit card data.
Last year, the RBI extended the scope of tokenization by allowing card issuers to act as token service providers (TSP).
The device-based tokenisation to card-on-file tokenisation (CoFT) services will prohibit merchants from storing actual card data. To facilitate card-based transactions, tokenisation services generate a unique alternate code. Card information is stored by payment gateways and merchants in order to process future transactions.
The Reserve Bank of India had extended the scope of ‘tokenisation’ card payment services to several consumer devices including laptops, desktops, wearables like wrist watches, bands and Internet of Things (IoT), in addition to mobile phones and tablets.
“The device-based tokenisation framework advised vide circulars of January 2019 and August 2021 has been extended to Card-on-File Tokenisation (CoFT) services as well, and card issuers have been permitted to offer card tokenisation services as Token Service Providers (TSPs). The tokenisation of card data shall be done with explicit customer consent requiring Additional Factor of Authentication (AFA),” the RBI said in a statement.
It said the decision will increase the safety and security of card data while maintaining the convenience of card transactions.