In 2019, RBI had permitted authorized card payment networks to offer card tokenisation services to any token requestor (i.e., third-party app provider) through mobile phones and tablets. Now RBI has extended the scope of tokenization to include consumer devices – laptops, desktops, wearables (wristwatches, bands, etc.), Internet of Things (IoT) devices, etc.
The permission for tokenization extends to various channels [e.g., Near Field Communication (NFC) / Magnetic Secure Transmission (MST) based contactless transactions, in-app payments, QR code-based payments, etc.] or token storage mechanisms (cloud, secure element, trusted execution environment, etc. The ultimate responsibility for the card tokenization services rendered rests with the authorized card networks.
What is Tokenisation?
Tokenisation refers to the replacement of actual card details with a unique alternate code called the “token”, which shall be unique for a combination of card, token requestor, and device (referred hereafter as “identified device”).