National Payments Corporation of India (NPCI) launched NPCI Tokenization System (NTS), which will tokenise and mask the real RuPay card details (CoFT: card-on-file tokenisation). With the NTS, RuPay cards can be tokenised to protect customer data and privacy.
According to RBI’s new Payments Aggregators and Payment Gateways guidelines set to take effect in January 2022, merchants aren’t allowed to store customer card data. This means that customers will be forced to enter their sixteen-digit card numbers and CVV each time they renew their subscription or make a new payment.
However, the central bank vide circulars of January 2019 and August 2021 granted card issuers to issue card tokenisation services after receiving explicit customer consent.
Based on RBI mandated guidelines, sensitive customer information will be stored as an encrypted token that can be used to secure transactions. Payments can be processed with these tokens without disclosing customer details or allowing intermediaries to store customer data.
Using NTS, banks, aggregators, merchants, and other payment intermediaries can get themselves NCPI certified, allowing them to play the role of ‘token requestor’. The token requestor can then use the Token Reference On File (TROF) to authorise payments from the card-issuing authority.
In theory, this means that businesses can renew their customers’ subscriptions without forcing them to reenter transaction details and without storing their data which would go against the RBI guidelines.
Kunal Kalawatia, Chief of Products, National Payments Corporation of India said, “We believe that this unique Card-on-File Tokenisation solution will not only safeguard customers’ confidential data but will also further strengthen the overall digital payments environment.”