Tokenisation rule for debit and credit cards by Sept 30. FAQs answered here

Tokenisation rule for debit and credit cards by Sept 30. FAQs answered here


The Reserve Bank of India (RBI) has made it mandatory for all credit and debit card data used in online, point-of-sale, and in-app transactions to be replaced with unique tokens by September 30. This layer of security by way of tokenisation is expected to enhance the digital payment experience of users, highlighted a report by news agency PTI.

The deadline was extended by three months in July so the additional time may be utilised by the industry in facilitating all stakeholders to be ready for handling tokenised transactions. Additionally, the extension was given for creating awareness among members of the public regarding the process of creating tokens and using them to undertake transactions, PTI reported.

Here are some frequently asked questions (FAQs) about tokenisation:

What is tokenisation?

The RBI says that tokenisation is the replacement of actual card details with an alternate code called the token.

What benefit does tokenisation give?

Transactions using a tokenised card are considered safer as the actual card details are not shared with the merchant during the processing of the transaction.

How does tokenisation take place?

The cardholder can get the card tokenised by initiating a request on the app provided by the token requestor. The requestor will then forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device, the PTI report added.

Who can perform tokenisation?

Tokenisation can be performed only by the authorised card network. The RBI has put out a list of authorised entities on its website.

Does the service require any payment?

The customer has to pay no charges to avail of the tokenisation service.

In which cases is tokenisation allowed?

Tokenisation has been allowed through mobile phones and/or tablets for all use cases/channels for example contactless card transactions, payments through QR codes, and apps among others.

Is tokenisation of a card mandatory?

No, it is not mandatory. Customers can choose whether or not to let their cards get tokenised. Those who do not want to opt for this service can continue to transact as before by entering card details manually during a transaction.

(With agency inputs)



Source link