RBI introduces card tokenisation facility at bank level

Mumbai, December 20

The RBI on Wednesday introduced a Card-on-File (CoF) token facility at the level of banks and other institutions to provide convenience for cardholders to get tokens created and linked to their existing accounts with various e-commerce applications.

At present, a CoF token can only be created through the merchant’s application or webpage.

For a CoF, a token is a 16-digit number unique for a combination of card, token requestor and merchant. Through tokenisation, the actual card details are replaced with token credentials that can be used only with the intended merchant.

“It has been decided to enable Card-on-File Tokenisation (CoFT) directly through card-issuing banks/institutions also. This will provide cardholders with an additional choice to tokenise their cards for multiple merchant sites through a single process,” the RBI said in a circular.

Generation of CoF tokens for a card, through the card issuer, can be enabled through mobile banking and internet banking channels.

In October, the RBI had said tokenisation has improved transaction security and transaction approval rate.

The RBI introduced CoFT in September 2021 and began implementation from October 1 last year.

The circular further said CoFT generation should be done only on explicit customer consent, and with Additional Factor of Authentication (AFA) validation.

“If the cardholder selects multiple merchants for which to tokenise his/her card, AFA validation may be combined for all these merchants,” the RBI said.

The cardholder may tokenise the card at any time of his convenience, either at the time of receiving the new card or later.

Also, the card issuer should provide a complete list of merchants for whom it can provide tokenisation services.