On October 20, 2023, the Reserve Bank of India (RBI) introduced significant changes to the Card-on-File (CoF) tokenisation process, aiming to simplify it for cardholders and enhance their online shopping experience. Tokenisation, the process of substituting a card’s 16-digit number with a unique ‘Token’ for online transactions, has traditionally involved generating Card-on-File (CoF) tokens exclusively through the merchant’s platform during a transaction.
RBI Empowers Cardholders: Direct CoF Tokenisation for Seamless E-commerce Transactions
The RBI’s modification allows banks and financial institutions to directly facilitate CoF Tokenisation (CoFT) for their customers. This means cardholders can now effortlessly tokenise their cards across various e-commerce platforms through a unified process offered by their card issuer. This alteration offers cardholders the option to tokenise their cards for multiple merchant sites through a streamlined process, according to the RBI’s circular.
Under the new system, the generation of CoF tokens for a card can be initiated through the card issuer via mobile banking and internet banking channels. The RBI states that this measure is designed to enhance convenience for cardholders in creating and linking tokens to their existing accounts across various e-commerce applications.
Enhancing Security and Convenience: A Deep Dive into the Modern Card Tokenisation Process
However, this process requires explicit customer consent and Additional Factor Authentication (AFA) validation, typically involving One-Time Passwords (OTPs) sent to registered mobile numbers. If a cardholder chooses to tokenise their card for multiple merchants, AFA validation may be consolidated for all selected merchants.
The generated tokens will be accessible on the merchant’s payment page and stored in the cardholder’s account with the merchant. Cardholders have the flexibility to tokenise their cards at their convenience, either upon receiving a new card or at a later time. The card issuer will provide a comprehensive list of merchants for whom tokenisation services are available, and cardholders can choose specific merchants for tokenisation. This shift improves both the convenience and security of the tokenisation process for cardholders.