Card Tokenization Explained| How to Tokenize Card| Credit Card Tokenization| RBI | Data Security |

Card Tokenization Explained| How to Tokenize Card| Credit Card Tokenization| RBI | Data Security |

This Video Discusses “Reserve Bank of India mandate around Tokenisation of Card Data by Card Holders" Reserve Bank of India encourages cardholders to tokenise their cards- The Reserve Bank encourages cardholders to tokenise their cards for their own safety. Cardholders’ payment experience will be enhanced through an added layer of security by way of tokenisation. It has been decided to extend the timeline for storing of CoF data by three months, i.e., till September 30, 2022, after which such data shall be purged. This directive is issued under Section 10 (2) read with Section 18 of Payment and Settlement Systems Act, 2007 (Act 51 of 2007).

RBI Circular - https://rbi.org.in/scripts/Notificati...

Q&A Around Tokenization

1. What is tokenisation?

Ans. Tokenisation refers to replacement of actual card details with an alternate code called the “token”, which shall be unique for a combination of card, token requestor (i.e. the entity which accepts request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token) and device (referred hereafter as “identified device”).

2. What is de-tokenisation?

Ans. Conversion of the token back to actual card details is known as de-tokenisation.

3. What is the benefit of tokenisation?

Ans. A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing.

4. How can the tokenisation be carried?

Ans. The card holder can get the card tokenised by initiating a request on the app provided by the token requestor. The token requestor will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device.

5. What are the charges that the customer need to pay for availing this service?

Ans. The customer need not pay any charges for availing this service.

6. What are the use cases (instances / scenarios) for which tokenisation has been allowed?

Ans. Tokenisation has been allowed through mobile phones and / or tablets for all use cases / channels (e.g., contactless card transactions, payments through QR codes, apps etc.)

7. Can tokenisation be enabled through a smart watch or such other devices?

Ans. The feature of tokenisation is restricted to mobile phones and / or tablets only.

8. Who can perform tokenisation and de-tokenisation?

Ans. Tokenisation and de-tokenisation can be performed only by the authorised card network. The list of card networks authorised by RBI to operate in India is available on RBI website at the link https://www.rbi.org.in/Scripts/Public....

9. Who are the parties / stakeholders in a tokenisation transaction?

Ans. Normally, in a tokenised card transaction, parties / stakeholders involved are merchant, the merchant’s acquirer, card payment network, token requestor, issuer and customer. However, an entity, other than those indicated, may also participate in the transaction.

10. Are the customer card details safe after tokenisation?

Ans. Actual card data, token and other relevant details are stored in a secure mode by the authorised card networks. Token requestor cannot store Primary Account Number (PAN), i.e., card number, or any other card detail. Card networks are also mandated to get the token requestor certified for safety and security that conform to international best practices / globally accepted standards.

11. Is tokenisation of card mandatory for a customer?

Ans. No, a customer can choose whether or not to let his / her card tokenised.

12. Does the customers have the option to select tokenisation for a particular use case?

Ans. Customers have the option to register / de-register their card for a particular use case, i.e., contactless, QR code based, in-app payments, etc.

------------------------------------------------------------------------------------------
About the speaker:-

Apoorva Bhatnagar is an acting Virtual Chief Financial Officer working with corporates to Increase Financial Literacy. She is an ex-banker and has an overall experience of close to a decade in banking. She possesses a certificate of CAIIB from Banking and finance. She completed her MBA in Banking and B.Tech in Information Technology.


#datasecurity #paymentsecurity #cardtokenization