The Reserve Bank of India has extended the scope of permitted devices for undertaking tokenised card transactions to include consumer devices such as laptops, desktops, wearables (wrist watches, bands, etc.), and Internet of Things (IoT) devices.
This is in view of uptake in the volume of such transactions during the recent months.
The RBI, in a circular to authorised card networks, said this initiative is expected to make card transactions more safe, secure, and convenient for the users.
Hitherto, the tokenised card transaction facility was available only for mobile phones and tablets of interested cardholders.
Tokenisation means the replacement of actual card details with a unique alternate code called the “token”, which will be unique for a combination of card, token requestor and device.
Authorised networks
In January 2019, the central bank had permitted authorised card payment networks to offer card tokenisation services to any token requestor (that is third-party app provider), subject to the conditions.
There are five authorised card payment networks — American Express Banking Corp, Diners Club International Ltd, MasterCard Asia/ Pacific Pte Ltd, National Payments Corporation of India and Visa Worldwide Pte Ltd — operating in India.
In the January 2019 circular, the RBI said its permission to card networks for tokenisation in card transactions extends to all use cases/channels [for example: near field communication/ magnetic secure transmission-based contactless transactions, in-app payments, QR code-based payments, etc.] or token storage mechanisms (cloud, secure element, trusted execution environment, etc.).
All extant instructions of RBI on safety and security of card transactions, including the mandate for Additional Factor of Authentication (AFA)/PIN entry, are applicable for tokenised card transactions also.