Industry view: Tokenisation circular modifications give banks more control over card data
[ad_1]
Read More/Less
The facility of tokenisation shall be offered by TSPs only for the cards issued by them, and the ability to tokenise and de-tokenise card data shall be with the same TSP.
The modifications made on Tuesday to the guidelines on tokenisation of card-based transactions allow banks a greater control over their customers’ data, said industry players.
The Reserve Bank of India (RBI) on Tuesday issued a set of relaxations with respect to its earlier mandate of tokenisation of card transactions. The regulator permitted card issuers to offer tokenisation services and become token service providers (TSPs). The facility of tokenisation shall be offered by TSPs only for the cards issued by them, and the ability to tokenise and de-tokenise card data shall be with the same TSP.
The tokenisation or encryption of card data shall be done with explicit customer consent with an additional factor of authentication (AFA) validation by the card issuer.
This means while card users can still choose to store their card details with a payment aggregator if they choose to, they will not be able to do so by checking a box, as was the case thus far. Instead, they will have to provide their explicit consent through an OTP or some similar instrument. The new rules kick in from January 1, 2022.
Madhusudanan P, co-founder and CEO, YAP by M2P Solutions, said with the latest relaxation, the RBI has given a fresh lease of life to tokenisation by payment aggregators. “The crux of it lies in enabling banks to be in control of the whole tokenisation service, which was earlier limited to third-party intermediaries. Now, if a large bank wants to be in control of their customers’ data because they see it as an important function, they can do the tokenisation themselves,” he said.
Sanjeev Moghe, EVP & head — cards & payments, Axis Bank, said the regulation will help prevent instances of unauthorised usage of customer data, theft and misuse of cards. “With tokenisation, a card-specific token is generated. Going forward, that token can be used for all online transactions. This will ensure an enhanced security. In case of any data breach or hacking attempt at the merchant’s end, the customer’s card details will still be protected,” Moghe said.
The mandate to tokenise all card information while carrying out transactions had become a sticky point for the payments industry, as they saw the new guidelines to be detrimental to the experience of smooth checkouts. Last month, industry body Payments Council of India had said the industry was working in alignment with the RBI on possible secure card-on-file tokenisation (CoFT) solutions to ensure a smooth customer experience for online purchases while enhancing the security of the storage of card credentials.
“It may be noted that introduction of CoFT, while improving customer data security, will offer customers the same degree of convenience as now,” the RBI said on Tuesday, adding, “Contrary to some concerns expressed in certain sections of the media, there would be no requirement to input card details for every transaction under the tokenisation arrangement.”
“The regulator has expanded the scope of tokenisation to include things like wearables and other devices. Eventually, we could even see tokenisation rules applied to payments for transit systems,” said an expert on condition of anonymity.
Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.
Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.
[ad_2]