Tokenisation: RBI expands the scope of CoFT to debit cards issuing banks. Details here

Tokenisation: RBI expands the scope of CoFT to debit cards issuing banks. Details here

In order to make digital payments more secure, safe and sound, The Reserve Bank of India (RBI) has now enabled card-on-file tokenisation (CoFT) through card issuing banks and institutions.

So far, the tokenisation services were provided through merchants. The banking regulator, however, announced in a statement dated Oct 6 this year on development and regulatory policies that CoFT will soon be carried out directly through card issuing banks and institutions as well. 

As a follow-up measure, RBI issued a notification on Wednesday to announce that CoFT has now been enabled directly through card issuing banks and institutions.

The latest measure is aimed to enhance convenience for cardholders to get tokens created and linked to their existing accounts with various e-commerce applications.

Requirements for enabling CoFT through card issuers:

1. Generation of CoFT tokens for a card can be enabled through mobile banking and internet banking channels.

2. The token can be generated only on explicit customer consent and with AFA validation.

3. The cardholder may tokenise the card at any time of their convenience, either on receipt of the new card or at a later stage

4. The cardholder can select the merchants with whom he/she wishes to maintain tokens.

5. The card token so issued may be either by the card network or the issuer or both.

What is CoFT?

The card details when stored with a merchant is known as card-on-file (CoF). It was a common practice for merchants to store card details with them. In fact, some merchants would compel the users to store card details on their app or web page before making payment. This free availability of information used to compromise the safety of financial data of users.

To avoid any breach or leak of data, RBI introduced the rule of tokenisation in Sep 2021 where instead of card details, a specially created token is saved with the merchant.

Consequently, RBI stipulated in March 2020 that authorised payment aggregators and the merchants are not supposed to store actual card data. This was meant to minimise vulnerable points in the system. Following requests from the industry, the deadline was later extended to the end of Dec 2021. 

As one can imagine, the card-on-file tokenisation is aimed to ensure safety and security of card data without disrupting the convenience of card transactions.

The RBI introduced CoFT in 2021 and rolled it out from Oct 1, 2022. So far, over 56 crore tokens have been created on which transactions with value of over 5 lakh crore have been undertaken. 

Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it’s all here, just a click away! Login Now!

Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint.
Download The Mint News App to get Daily Market Updates.


Published: 21 Dec 2023, 03:14 PM IST

Leave a Reply

Your email address will not be published. Required fields are marked *