RBI proposes card-on-file tokenisation for debit and credit cards: What this means for online shoppers – Times of India
The Reserve Bank of India (RBI) governor Shaktikanta Das recently proposed the introduction of card-on-file tokenisation (CoFT) facility at the issuer-bank level. He cited the growing acceptance and benefits of tokenisation of card data while announcing the proposal. For those unaware, RBI introduced new channels for card on file for tokenisation. This means that credit/debit card users will be able to generate card tokens on their bank’s website or app instead of e-commerce websites/apps while shopping online, as is the case at present. This will eliminate data security concerns regarding token generation at e-commerce or merchant portals. The move also aims to give customers greater control over managing their card tokens. What the RBI announcement means To recall, RBI introduced Card-on-File Tokenisation (CoFT) in September 2021 and began implementation from October 1, 2022. So far, over 56 crore tokens are reported to have been created on which transactions with value of over Rs 5 lakh crore have been undertaken. Tokenisation is also said to have improved transaction security and transaction approval rate. Until now, the cardholders had to create different tokens through each merchant’s application or webpage. This would require time and effort from the users. Going forward, tokens will be created at the issuer bank level and linked to their existing accounts with various e-commerce applications. This will eliminate the duplication of tokenisation process at each app or website along with increased transaction security, resulting in reduced card-data-related frauds. What exactly is tokenisation Tokenisation replaces a debit or credit card’s 16-digit number with a unique token that is specific to user’s card and specific for one merchant at a time. The token hides the true details of your card, so that in case a data leak happens from the merchant website, the hackers cannot misuse the card. This token contains no personal information and keeps changing. Tokens can be used for online transactions, mobile point-of-sale transactions, or in-app transactions. A customer can choose whether or not to let his, her card tokenised. Tokenization guidelines are applicable to both debit and credit card and have to be tokenized for future online purchase as opted by customers.