The Reserve Bank of India (RBI) on Wednesday extended the scope of permitted devices for tokenisation of card transaction to include consumer devices such as laptops, desktops, wearables, and Internet of Things (IoT) devices.
The central bank said its latest take on tokenisation, which in the set context substitutes sensitive customer data with a randomised time-sensitive alphanumeric ID, was a result of an uptake in the volume of tokenised card transactions during the recent months.
RBI had first in January 2019 permitted authorised card networks to offer card tokenisation services to any token requestor, subject to a set of conditions listed. Back then, the facility was available only for mobile phones and tablets of interested card holders.
“All other provisions of the circular referred to above (Jan 2019) shall continue to be applicable. This initiative is expected to make card transactions more safe, secure and convenient for the users,” Chief General Manager P Vasudevan, said in the notification.
In response, global payments giant Visa said it welcomes the development and that world over tokenisation has evolved to enable payments through connected devices and risk-based authentication.
“Solutions such as Visa Token Service can help prevent fraud by devaluing data and offering financial institutions, merchants, and third-party payment providers, such as digital wallet providers, a secure way to enable mobile and online payments without sharing sensitive account information,” TR Ramachandran, group country manager, India and South Asia, Visa, said in a statement.
The Visa Token Service is a security technology that replaces sensitive payment account information found on payment cards, such as the 16-digit account number, expiration date and security code, with a unique digital identifier that can be used to process payments without exposing actual account details.
Separately, industry lobby group Payments Council of India on Wednesday said it is working in alignment with the RBI on possible secure card-on-file solutions which will ensure a near similar customer experience for online purchases whilst enhancing the security of the storage of card credentials of customers.
In March 2020, RBI released a notification, for payment system providers and participants to put in place workable solutions such as tokenization for enhancing the security of storage of customer’s card credentials.
“We are working closely with RBI on charting a roadmap of the possible solutions that could be adopted by the industry for securing the storage of raw card data. Solutions being worked upon, would not require the customers to enter their card number manually every time they make an online purchase, PCI said.