The Reserve Bank of India has released the guidelines for the tokenisation of debit, credit and prepaid card transactions.
Tokenisation refers to when a unique ‘token’ is used to mask sensitive card data, and is used in POS, QR code payments and others.
In the new guidelines, the Reserve Bank has permitted card payment networks to offer card tokenisation services to third-party app providers, or a token requestor. While this has now been accepted, a number of conditions need to be met, such as necessary security measures.
Card holders must give explicit consent to the token requestor’s app and there can be no charge given to them for accessing this service.
Under the new guidelines, all existing instructions from the Reserve Bank on safety and security of card transactions, including the additional factor of authentication (AFA) and PIN entry are also applicable to tokenised cards.
A full outline of the new conditions and guidelines can be found on the Reserve Bank’s website.
Last year, the Reserve Bank reportedly fined Airtel Payments Bank around Rs 50 million ($700,000) for failures with know your customer regulations. An investigation was launched based on complaints and adverse media reports alleging that the bank had opened customer accounts without a clear/specific consent of the customers.
Copyright © 2018 RegTech Analyst