RBI issues card use tokenisation norms
Mumbai: The RBI Tuesday released guidelines on tokenisation for various card transactions, including from debit and credit cards. Tokenisation, which aims at improving safety and security of the payment system, refers to replacement of actual card details with an unique alternate code called the 'token', which shall be unique for a combination of card, token requestor and identified device.
Instead of using actual card details, this token is used to perform card transactions in contactless mode at point of sale(POS) terminals, quick response(QR) code payments.
RBI has given permission to offer tokenised card transactions services to all channels such as near field communication (NFC), magnetic secure transmission (MST) based contactless transactions, in-app payments, QR code-based payments or token storage mechanisms, including cloud, secure element and trusted execution environment.
At present, tokenised card transaction facility would be offered through mobile phones or tablets only and will be extended to other devices later based on experience, the central bank said.
Tokenisation and de-tokenisation shall be performed only by the authorised card network and recovery of original Primary Account Number (PAN) should be feasible for the authorised card network only, the release said.
The request for tokenisation and de-tokenisation should be logged by the card network and available for retrieval. A customer would not have to pay any charges for availing this service, it said.