Share
The Reserve Bank of India (RBI) has urged cardholders to tokenise their cards to improve safety in online transactions. Tokenisation replaces sensitive card information with a unique alternate code, known as a “token,” which merchants can store instead of actual card details, reducing the risk of data theft and misuse.
Currently, many merchants and other entities store card information under the Card-on-File (CoF) model to provide convenience for future transactions. While this practice is convenient, storing card details with multiple entities increases the risk of fraud, particularly in cases where Additional Factor of Authentication (AFA) is not mandatory.
Under the RBI framework for CoF Tokenisation (CoFT), cardholders can create tokens through a one-time registration process at each online or e-commerce merchant by entering their card details and providing consent. Each token is specific to the card and the merchant, and cannot be used elsewhere. Once created, the cardholder can identify the card using the last four digits during checkout, without manually entering the token. A single card can be tokenised at multiple merchants, with a unique token created for each.
To date, about 19.5 crore tokens have been created. Participation in CoFT is voluntary, and cardholders may continue guest checkout transactions by manually entering card details if they choose not to create a token.
Industry stakeholders have highlighted challenges with guest checkout transactions and adoption of token-based transactions across all merchant categories. To address these concerns and prevent disruption, RBI has extended the deadline for phasing out card data storage by entities other than card issuers and networks from June 30, 2022, to September 30, 2022. The extension allows stakeholders to prepare systems for tokenised transactions, process transactions using tokens, implement mechanisms for post-transaction activities including chargeback handling and settlement, and raise public awareness about tokenisation and its benefits.
RBI emphasised that tokenisation enhances payment security and encourages cardholders to adopt this process to protect their financial information while ensuring a seamless transaction experience.
[RBI]