A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing.
RBI introduced Card-on-File Tokenisation (CoFT) in September 2021 and began implementation from October 1, 2022. Currently, ,Card-on-File(CoF) token can only be created through merchant’s application or webpage. The Reserve Bank of India has now proposed to introduce CoF token creation facilities directly at the issuer bank level.
This measure will enhance convenience for cardholders to get tokens created and linked to their existing accounts with various e-commerce applications.
“The proposal to introduce card-on-file tokenization directly at the bank level is a game-changer for cardholders and the financial industry as a whole. It enhances convenience and security, reducing the friction associated with digital transactions. This forward-looking initiative reflects the RBI’s commitment to fostering a robust and secure payments landscape in India,” said Dr. Soumya Kanti Ghosh, Group Chief Economic Adviser, at State Bank of India.
So far, over 56 crore tokens have been created on which transactions with value of over Rs 5 lakh crore have been undertaken.
Tokenisation has improved transaction security and transaction approval rate.
Until now, the cardholders had to create different tokens through each merchant’s application or webpage. This would require time and effort from the users. Going forward, tokens will be created at the issuer bank level and linked to their existing accounts with various e-commerce applications.
“This will eliminate the duplication of tokenisation process at each app or website along with increased transaction security, resulting in reduced card-data-related frauds. This strategic move aligns with the evolving landscape of digital payments, ensuring a safer and more user-friendly ecosystem for consumers and merchants alike,” said Mandar Agashe, Founder & Vice Chairman at Sarvatra Technologies.
“Unsafe use of credit cards puts your finances at risk. The RBI took cognisance of these unsafe practices and issued guidelines for the tokenisation of data. It is a safer method as the actual card details are not shared with a merchant during a transaction. The customer’s details are converted into a token, and a transaction takes place through it without any personal details being shared by the card owner. With tokenisation, customers can register or de-register their card for a particular use, i.e., contactless, QR code-based, in-app payments etc,” said Adhil Shetty of Bankbazaar.
Tokenisation has been allowed on consumer devices like mobile phones, tablets, laptops, desktops, wearables (wrist watches, bands, etc.), Internet of Things (IoT) devices, etc, for all use cases / channels (e.g., contactless card transactions, payments through QR codes, apps etc.
““The proposal to introduce card-on-file tokenization directly at the bank level enhances convenience and security, reducing the friction associated with digital transactions,” said Rajsri Rengan, India Head of Development, Banking and Payments, at FIS.