The Reserve Bank of India (RBI) on Tuesday enhanced the guidelines on card tokenization services to improve the safety and security of the payment system.
The Reserve Bank of India (RBI) on Tuesday enhanced the guidelines on card tokenization services to improve the safety and security of the payment system.
In a release, RBI said the device-based tokenization framework advised vide circulars of January 2019 and August 2021 has been extended to Card-on-Fite Tokenisation (CoFT) services as well.
Further, the card issuers have been permitted to offer card tokenization services as Token Service Providers (TSPs).
"The tokenization of card data shall be done with explicit customer consent requiring Additional Factor of Authentication (AFA)," RBI said.
The release said that the above enhancements are expected to reinforce the safety and security of card data while continuing the convenience of card transactions.
RBI said that citing the convenience and comfort factor for users while undertaking card transactions online, many entities involved in the card payment transaction chain store actual card details [also known as Cand-on-File (CoF)].
"In fact, some merchants force their customers to store card details. Availability of such details with a large number of merchants substantially increases the risk of card data being stolen. In the recent past, there were incidents where card data stored by some merchants have been compromised/leaked. Any leakage of CoF data can have serious repercussions because many jurisdictions do not require an AFA for card transactions. Stolen card data can also be used to perpetrate frauds within India through social engineering techniques," said the release.
No comments:
Post a Comment