What changed
Previously, card tokenisation was limited to mobile phones and tablets. Now, RBI has extended the scope to include consumer devices like laptops, desktops, wearables (e.g., wrist watches, bands), and IoT devices. All other conditions from the January 2019 circular remain unchanged.
What it means for you
Banks and card networks can now offer tokenisation for a wider range of devices, potentially increasing tokenised transaction volumes. This enhances security by replacing actual card details with tokens, reducing fraud risk. Lenders should prepare for higher adoption and integrate tokenisation support across these new device categories.
What you must do
- Update tokenisation systems to support laptops, desktops, wearables, and IoT devices.
- Communicate the expanded scope to merchants and payment partners for seamless integration.
- Monitor tokenised transaction volumes and adjust fraud prevention measures accordingly.
- Ensure compliance with all existing conditions from the January 2019 circular.
Who it affects
All authorised card networks, Banks issuing cards, Merchants accepting card payments, Payment aggregators and token requestors, Cardholders using non-mobile devices
What devices are now covered under tokenisation?
Tokenisation now covers laptops, desktops, wearables like wrist watches and bands, and Internet of Things (IoT) devices, in addition to mobile phones and tablets.
Does this circular change any other tokenisation rules?
No, only the scope of permitted devices has been expanded. All other provisions from the January 2019 circular on tokenisation remain applicable.
When did this circular take effect?
The circular was issued on August 25, 2021, and is effective from that date.