RBI Broadens Card-On-File Tokenization Scope For Digital Payment Security

(MENAFN- KNN India) New Delhi, Dec 22 (KNN)
In an effort to enhance the security and reliability of digital payments, the Reserve Bank of India has now enabled card-on-file tokenisation (CoFT) through card issuing banks and institutions. Previously confined to merchant applications or websites, individuals now have the option to tokenize their cards using internet and mobile banking services.

To mitigate the risk of data breaches and leaks, RBI implemented the rule of tokenisation in September 2021. Under this regulation, rather than storing actual card details, a unique token, specially generated for each transaction, is securely saved with the merchant.

Earlier, it was a common practice for merchants to retain card information, and in certain instances, users were frequently required to save their card details on the merchant's app or webpage prior to finalizing a transaction. However, this practice of indiscriminately storing such sensitive information posed risk to the security of users' financial data.

“It has been decided to enable card-on-file tokenisation directly through card-issuing banks/institutions also. This will provide cardholders with an additional choice to tokenise their cards for multiple merchant sites through a single process,” stated the RBI circular.

The circular further stated that the generation of Card-on-File Tokenization (CoFT) must be carried out solely upon explicit customer consent and with the validation of an Additional Factor of Authentication (AFA).

Additionally, the card issuer is required to furnish a comprehensive list of merchants for whom it is equipped to offer tokenization services.

The RBI introduced CoFT in 2021 and rolled it out from Oct 1, 2022. So far, over 56 crore tokens have been created on which transactions with value of over ₹5 lakh crore have been undertaken.

(KNN Bureau)

MENAFN22122023000155011030ID1107649596