P&H HC: Eyewitness Account Not Credible if Eyewitness Directly Identifies Accused in Court  ||  Delhi HC: Conditions u/s 45 PMLA Have to Give Way to Article 21 When Accused Incarcerated for Long  ||  Delhi High Court: Delhi Police to Add Grounds of Arrest in Arrest Memo  ||  Kerala High Court: Giving Seniority on the Basis of Rules is a Policy Decision  ||  Del. HC: Where Arbitrator has Taken Plausible View, Court Cannot Interfere u/s 34 of A&C Act  ||  Ker. HC: No Question of Estoppel Against Party Where Error is Committed by Court Itself  ||  Supreme Court: Revenue Entries are Admissible as Evidence of Possession  ||  SC: Mere Breakup of Relationship Between Consenting Couple Can’t Result in Criminal Proceedings  ||  SC: Bar u/s 195 CrPC Not Attracted Where Proceedings Initiated Pursuant to Judicial Order  ||  NTF Gives Comprehensive Suggestions on Enhancing Better Working Conditions of Medical Professions    

Permitting Card-on-File Tokenisation (CoFT) services in Tokenisation - Card transactions- (Reserve Bank of India) (07 Sep 2021)

MANU/RMIC/0121/2021

Banking

This is with reference to circular DPSS.CO.PD No.1463/02.14.003/2018-19 dated January 8, 2019 on "Tokenisation - Card transactions", permitting authorised card networks to offer card tokenisation services subject to the conditions listed therein. Initially limited to mobile phones and tablets, this facility was subsequently extended to laptops, desktops, wearables (wrist watches, bands, etc.), Internet of Things (IoT) devices, etc., vide our circular CO.DPSS.POLC.No.S-469/02-14-003/2021-22 dated August 25, 2021 on "Tokenisation - Card Transactions : Extending the Scope of Permitted Devices".

2. Reference is also invited to our circulars DPSS.CO.PD.No.1810/02.14.008/2019-20 dated March 17, 2020 (as updated from time to time) and CO.DPSS.POLC.No.S33/02-14-008/2020-2021 dated March 31, 2021 on "Guidelines on Regulation of Payment Aggregators and Payment Gateways", advising that neither the authorised Payment Aggregators (PAs) nor the merchants on-boarded by them shall store customer card credentials [also known as Card-on-File (CoF)].

3. On a review of the tokenisation framework and to enable cardholders to benefit from the security of tokenised card transactions as also the convenience of CoF, it has been decided to effect the following enhancements -

a. Extend the device-based tokenisation1 framework referred to at paragraph 1 above to CoF Tokenisation (CoFT) as well.

b. Permit card issuers to offer card tokenisation services as Token Service Providers2 (TSPs).

c. The facility of tokenisation shall be offered by the TSPs only for the cards issued by / affiliated to them.

d. The ability to tokenise3 and de-tokenise card data shall be with the same TSP.

e. Tokenisation of card data shall be done with explicit customer consent requiring Additional Factor of Authentication (AFA) validation by card issuer.

f. Additional requirements relating to CoFT are listed in the Annex.

4. Further, in the interest of clarity, the following points may be noted -

a. With effect from January 1, 2022, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store the actual card data. Any such data stored previously shall be purged.

b. For transaction tracking and / or reconciliation purposes, entities can store limited data - last four digits of actual card number and card issuer's name - in compliance with the applicable standards.

c. Complete and ongoing compliance with the above by all entities involved, shall be the responsibility of the card networks.

5. This directive is issued under Section 10 (2) read with Section 18 of Payment and Settlement Systems Act, 2007 (Act 51 of 2007).

Tags : PERMISSION   COFT   TOKENISATION  

Share :        

Disclaimer | Copyright 2024 - All Rights Reserved