RBI's new guidelines on tokenisation for card transactions

New Delhi : Owing to the improvement of secured payment system in India, the RBI has declared guidelines on tokenisation for debit, credit and prepaid card transactions.

Tokenisation is a process which includes unique token masks sensitive card details. The token is used in lieu of actual card details to perform card transactions in contactless mode at

• Point of sale (POS) terminals
• Quick Response (OR) code payments
• Near Field Communication (NFC)/Magnetic Secure Transmission (MST) based contactless transactions
• In-app payments or token storage mechanisms (cloud, secure element, trusted execution environment, etc)

The guidelines have been issued under Section 10 (2) along with Section 18 of Payment and Settlement Systems Act, 2007 (Act 51 of 2007). The directive complies with guidelines such as Payment Card Industry Data Security Standard (PCI DSS), an international organisation. It is believed that the new rule will help avoid the misuse of card details or network hacking.

Benefits of Tokenisation

Authorised card payment networks can now offer card tokenisation services to any token requestor, subject to conditions enumerated in the guidelines with a mandate for an additional factor of authentication.

"A cardholder may avail of these services by registering the card on the token requestor's app after giving explicit consent. No charges shall be recovered from the customer for availing this service. Also, the ultimate responsibility for the card tokenisation services rendered rests with the authorised card networks," the RBI said in an official statement.

Tokenisation facility will be offered through mobile phones/tablets only. Its extension to other devices will be examined later, based on the experience gained.