RBI’s Card Tokenisation Rule

Context

The Reserve Bank of India (RBI) has decided to defer the implementation of tokenization of debit and credit cards for online transactions by a further six months following representations from stakeholders.

Decision of RBI

• RBI has also extended tokenization of Card-on-File (CoF) transactions where card details are saved by merchants — and directed the merchants not to store card details in their systems from January 1, 2022.
• A CoF transaction is one in which a cardholder has authorized a merchant to store his or her Mastercard or Visa payment details, and to bill the stored account.
  • E-commerce companies and airlines and supermarket chains often store card details.

What is Tokenisation?

• Tokenisation refers to the replacement of credit and debit card details with an alternative code called a ‘token’.
• This token is unique for a combination of card, token requestor (the entity that accepts a request from the customer for tokenisation of a card and passes it on to the card network to issue a token) and the device.

Benefits of Tokenization

• Transaction safety: Tokenization reduces the chances of fraud arising from sharing card details.
• Easy payments: The token is used to perform contactless card transactions at point-of-sale (PoS) terminals and QR code payments.
• Data storage: Only card networks and card-issuing banks will have access to and can store any card data.

??How are the transactions processed?

• There are many players involved in processing one card transaction in today times:
  • Merchant
  • Payment aggregator
  • Issuing bank
  • Card network
• When a transaction happens on a merchant platform, the data is sent to the payment aggregator (PA).
• The PA next sends the details to either the issuing bank or the card network.
• Then issuing bank sends an OTP and the transaction flows back.