The Reserve Bank of India (RBI) has granted permission for tokenization of debit, credit, and prepaid card transactions in India. The allowance of tokenization will add an additional layer of safety and security while conducting transactions via cards.
For the unacquainted, tokenization is the process of providing unique alternate code, known as tokens in place of the actual card details. The unique combination of symbols or elements masks the actual sensitive details when the transaction is processed at point of sales, or through QR codes and other payment modes. Thus the tokens generated are unique for every token requestor and card holder.
RBI has allowed the various card types such as Visa, Mastercard, and others to start providing tokens to the token requestors (third-party apps). Under the listed guidelines for the same, RBI suggests that the process of tokenization or detokenization should take place via an authorized card network.
While the actual card, token or other important details must be stored in secure mode, the PAN details should not be stored by the token requestors. Additionally, the use of AFA or Additional Factor of Authentication will remain in place along with tokenized transactions for enhanced security.
Furthermore, RBI has mandated that users will be provided with the ability to register or deregister themselves out of these services. Users will also be able to set transaction amount limit and number of transactions accordingly for each third-party payment service.