The Reserve Bank of India (RBI) has made it mandatory to replace all credit and debit card data used in online, point-of-sale and in-app transactions with unique tokens by September 30 this year. The deadline, starting July, was extended by three months.
Here’s what you need to know about the new rules for debit, credit card holders that will come into effect from October:
What is Card Tokenization?
According to reserve Bank of IndiaTokenization refers to the replacement of the actual card details with an alternate code called a “token”.
What is the advantage of tokenization?
A tokenized card transaction is considered secure as the actual card details are not shared with the merchant during the processing of the transaction.
How can tokenization be done?
The Cardholder can obtain the Token to the Card by initiating a request on the App provided by the Token Requester. The token requester will forward the request to the card network, which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, token requester and device.
What are the charges that the customer will have to pay for availing this service?
There is no charge to the customer for availing this service.
Who can do tokenization?
tokenization Can be done only through authorized card network and list of authorized entities is available on RBI website.
What are the charges that the customer will have to pay for availing this service?
There is no charge to the customer for availing this service.
What are the use cases (examples/scenarios) for which tokens are allowed?
Tokenization through mobile phones and/or tablets is permitted for all use cases/channels (eg, contactless card transactions, payments through QR codes, apps, etc.).
Is the card token mandatory for the customer?
No, the customer can choose whether to tokenize his card or not. Those who do not wish to generate tokens can continue to transact as before by entering the card details manually while transacting.
Are customer card details safe after tokenization?
The actual card data, token and other relevant details are stored in secure mode by the authorized card network. The token requester cannot store the primary account number (PAN), i.e. the card number, or any other card details. The card network is also required to authenticate the token requester for safety and security that conforms to international best practices/globally accepted standards.
How does the process of registering for a tokenization request work?
Registration for token request is done only with explicit customer consent through Additional Authentication Factor (AFA) and not through forced/default/automatic selection of check boxes, radio buttons etc. The customer will also be given the option to select the use case and set limits.
Is there a limit to the number of cards a customer can request for a token?
The customer can request tokens for any number of cards. In order to transact, the Customer will be free to use any card registered with the Token Requester App.
Whom will the customer contact in case of any issue with his token card? Where and how can he report the loss of the device?
All complaints should be made to the card issuers. Card issuers will ensure easy access for customers to report loss of “identified devices” or any other event that could expose the token to unauthorized use.
Can a card issuer refuse tokenization of a particular card?
Answer. Based on risk perception etc., the card issuers may decide whether to allow the cards issued by them to be registered by the token requestor.
catch all business News, market news, today’s fresh news events and breaking news Updates on Live Mint. download mint news app To get daily market updates.