TOKENIZATION

Tokenization is the replacement of actual critical card details with an alternate code called the “token”. This token is always unique for a combination of card, token requestor (i.e. the application provider) and the device.

The Reserve Bank of India has issued a directive under Section 10 (2) read with Section 18 of the Payment and Settlement Systems Act, 2007 to permit authorized payment networks to offer tokenization services to any token requestor in payment card transactions, subject to conditions enumerated in the directive. The directive will further improve the security of card data in payment card transactions.

The token requestors will be third party application providers and initially the offering of this facility will only be limited to mobile phones and/or tablets to serve the following payment channels:

• Contactless transactions over Near Field Communication (NFC) / Magnetic Secure Transmission (MST)
• QR code-based transactions
• In app payment transactions
• Point of Sale Terminals

What Does This Directive Offer to Your End Customers/Card Holders?
Card network must provide a resolution process to customers for tokenized card transactions.
Before providing card tokenization services, authorized card payment networks must deploy a mechanism for periodic
system and security audit, at least annually, of all entities involved in providing card tokenization services to end
customers. This audit shall be undertaken by Indian Computer Emergency Response Team (CERT-In) empanelled auditors.
A copy of this audit report must be submitted to the Reserve Bank of India.
Card issuers as per their risk assessment may decide whether to allow cards issued by them to be registered by a token
requestor.
Card issuers must set up a process for customers for reporting loss of “device” or any other such event which may expose
tokens to unauthorized usage. Card network, along with card issuers and token requestors, must immediately de-activate
such tokens and associated keys.
Network Intelligence offers an array of services in the cybersecurity domain which can help organizations secure their
systems, applications and tokenization processing, thereby making them compliant with RBI guidelines.
Network Intelligence has credentials such as CERT-In empanelled auditor and PCI QSA to perform the mandatory system
and security audit of organizations and assess their end-to-end tokenization process.
Network Intelligence has proven experience in application and network security assessment and has consultants with
OSCP and CREST credentials to assess your mobile applications and IT infrastructure by performing penetration testing
against industry-accepted standards.