While card tokenisation was a major reform to enhance the security of online transactions, the Reserve Bank of India (RBI) has added another layer of safety.
Statement on Developmental and Regulatory Policies, issued on October 6, states that a Card-on-File (CoF) token can only be created through the merchant’s application or webpage. It is now proposed to introduce CoF token creation facilities directly at the issuer bank level. This measure will enhance convenience for cardholders to get tokens created and linked to their existing accounts with various e-commerce applications.
Read More: 87% Of Rs 2,000 Notes Deposited, Rs 12,000 Cr Of Currency Yet To Return: RBI
RBI introduced Card-on-File Tokenisation (CoFT) in September 2021 and began implementation on October 1, 2022. So far, over 56 crore tokens have been created on which transactions with a value of over Rs 5 lakh crore have been undertaken. Tokenisation has improved transaction security and approval rates, as per the statement.
Tokenisation represents a crucial reform that greatly enhances the security of online transactions. CoF Tokenization, in particular, adds an extra layer of protection to card credentials, making it essential for every cardholder to utilise this feature to safeguard their data, which would otherwise be vulnerable during card transactions.
Read More: Inflation-Growth Paradox: What RBI Governor Shaktikanta Das Said About GDP Growth, Prices
Adhil Shetty, CEO of BankBazaar.com, says, “The RBI has been trying to reduce the storage of actual card details, known as Card-on-File (CoF), on third-party sites to reduce the risk of card data being stolen. Way back in 2019, device-based card tokenisation for mobile-based transactions was enabled. This was extended to online transactions in 2020, when the RBI stipulated that payment aggregators and merchants should not store actual card data; instead, all stored card data should be tokenised. Until now, the CoF token could be created only through merchant’s application or webpage at the time of making a payment.”
“However, with today’s announcement, it would be possible for users to create tokens directly at the issuer bank. The expectation is that once this is implemented, you would be able to create and manage your card tokens for the e-commerce sites directly from your bank account, pretty much like setting your credit limits and spending limits over net banking or banking app. This gives you greater control over managing your card token and allows you to add, modify, and delete tokens remotely, without accessing the website,” added Shetty.
Read More: RBI Projects GDP Growth For 2023-24 At 6.5%
Thus, with this development, CoFTs can now be generated directly at the issuer bank level. This empowers cardholders with convenient, transparent, and easily accessible payment solutions.
Rahul Jain, CFO of NTT DATA Payment Services India, said, “This process poses minimal challenges for issuer banks, as most of them can leverage the existing unified payment framework for token creation. This strategic move not only promotes safer and more secure card transactions but also enhances overall transaction efficiency. Furthermore, it aims to combat fraud and bolster cardholder data security.”