Standing tall as the prime law firm in Mumbai, Khaitan Legal Associates employs the best approach to handle litigation cases.
TOKENISATION & Its Implementation Compliances
About Tokenisation
Tokenisation means masking or substituting sensitive data with a unique identification number while retaining all the essential information about the data. This equivalent unique replacement data is called a token.
Tokenisation is a global practice aimed at preventing disclosure of card details to any entity apart from the cardholder, card network or issuer. The concept of tokenisation was first introduced in 2005 by Shift4 Payments to protect cardholder data.
Necessary compliances required for implementing tokenisation
Businesses that accept card payments need to be in compliance with the Payment Card Industry Data Security Standard (“PCI DSS”), which adds credibility to assure their customers.
Card networks are required to get the token requestor certified for (a) token requestor’s systems, including hardware deployed for this purpose, (b) security of token requestor’s application, (c) features for ensuring authorised access to token requestor’s app on the identified device, and (d) other functions performed by the token requestor, including customer on-boarding, token provisioning and storage, data storage, transaction processing, etc.
Card networks are required to get the card issuers / acquirers, their service providers and any other entity involved in payment transaction chain, certified in respect of changes done for processing tokenised card transactions by them.
Registration of card on token requestor’s app shall be done only with explicit customer consent through AFA, and not by way of a forced / default / automatic selection of check box, radio button, etc.
Secure storage of tokens and associated keys by token requestor on successful registration of card shall be ensured.
Card issuers shall ensure easy access to customers for reporting loss of “identified device” or any other such event which may expose tokens to unauthorised usage. Card network, along with card issuers and token requestors, shall put in place a system to immediately de-activate such tokens and associated keys.
Dispute resolution process shall be put in place by card network for tokenised card transactions.
Card network shall ensure monitoring to detect any malfunction, anomaly, suspicious behaviour or the presence of unauthorized activity within the tokenisation process and implement a process to alert all stakeholders.
For more information, visit www.khaitanlegal.com