Business

RBI Promotes 'Tokenisation' To Make Card Payments More Secure

HARSH RANJAN | 0
4476
| January 9 , 2019 , 19:17 IST

RBI has allowed the card payment companies to provide a 'tokenised' service to their customers to facilitate card transactions in a secured manner.

The central bank said that card payment companies will have to ensure that all parties that may be part of the “tokenised transaction chain” comply with existing RBI guidelines regarding the safety and security of card transactions.

It means that token payment services will have to ensure that every transaction includes either the additional factor of authentication or personal identification number entry by customers.

Here is the chart showing the 'Tokenisation' process.

The card payment company will also have to register the ‘token requestor’ or third party app with the RBI and ensure that the latter’s systems comply with existing security guidelines.

After the implementation of this rule, customers will be able to create a unique alternative code or ‘token’ that will mask their actual card details to conduct financial transactions.

Tokenisation involves a process in which a unique token masks sensitive card details.

While ‘tokenisation’ was already permitted in some cases, the regulator’s latest circular attempts to broaden its use in the interest of making digital payments more secure.

While making any payment online, the website asks to save the card details and after approval, it gets stored their but that details are misused sometimes and customers face difficulties.

To reduce that risk, one can opt for tokenisation.

The process involves creating a unique ‘token’, which is a combination of the card, the token requester (for example the food delivery app) and of the ‘identified’ device (such as your mobile phone).

The customer can then continue to make numerous transactions on the app, without revealing or storing their card details with the app or the service provider as these details are encrypted within the token.

With tokenisation, the card details are masked through a randomly generated number, which only the card operator can decrypt.

While card companies have provided the service in the past, the latest notification from the central bank allows them to expand the service across payment channels.

Customers will be able to set or modify transaction limits for a tokenised card transactions and they will be able to register/de-register their card for particular use cases.

Card payment companies will be responsible for the security and efficacy of the entire token transaction system, said the RBI.

ALSO READ: RBI slashes repo rate by 0.25%, inflation likely to get down

RBI recently said in a statement that card issuers, or banks, also need to create an easy mechanism by which customers can report the loss of their identified device or any authorised user of the tokens created.

In addition, card payment companies must put in place an appropriate dispute resolution process for these tokenised transactions, the statement added.