Mumbai: Rise of Online Banking Frauds, specifically leakage of online stored card details has been a worry for RBI and other Fintech organisations. Various alternatives and safegaurds have been under consideration ever since.
RBI has today issued a notification to all authorised payment networks regarding ‘Tokenisation’ of card transactions. For the present, this facility shall be offered through mobile phones / tablets only. Its extension to other devices will be examined later based on experience gained.
This is in continuation of efforts towards improvement of safety and security of card transactions in specific use cases. The RBI vide its notification has decided to permit authorised card payment networks to offer card tokenisation services to any token requestor (i.e., third party app provider), subject to the conditions as prescribed.
As said in the notification, this permission extends to all use cases / channels [e.g., Near Field Communication (NFC) / Magnetic Secure Transmission (MST) based contactless transactions, in-app payments, QR code-based payments, etc.] or token storage mechanisms (cloud, secure element, trusted execution environment, etc.).
In order to check compliance and maintain standards for security, authorised card payment networks shall put in place a mechanism for periodic system (including security) audit at frequent intervals, at least annually, of all entities involved in providing card tokenisation services to customers. This Audit shall be undertaken by empanelled auditors of Indian Computer Emergency Response Team (CERT-In) and all related instructions of Reserve Bank in respect of system audits shall also be adhered to.
With newer technologies and alternatives like this, the security measures are likely to be enhanced and thus the rising havoc of online card payment frauds are expected to be curtailed.