What is Card-on-File Tokenization?

About Card-on-File Tokenization

• Tokenisation refers to replacement of actual credit and debit card details with an alternate code called the “token”.
• It is a combination of card, token requestor and device.
• The card detail when stored with a merchant is known as card-on-file (CoF). 
• This token is a randomly generated string of characters that has no intrinsic value and is meaningless outside of the context of a specific transaction.
• The token is used as a surrogate for the actual card details, making it more secure to store and transmit.
• Requirements for enabling CoFT through card issuers:
  • Generation of CoFT tokens for a card can be enabled through mobile banking and internet banking channels.
  • The token can be generated only on explicit customer consent and with AFA (additional factor authentication) validation.
  • The cardholder may tokenise the card at any time of their convenience, either on receipt of the new card or at a later stage
  • The cardholder can select the merchants with whom he/she wishes to maintain tokens.
  • The card token so issued may be either by the card network or the issuer or both.
• Advantage
  • Tokenisation replaces a debit or credit card’s 16-digit number with a unique token that is specific to just your card and is valid for one merchant at a time.
  • The token masks the true details of your card, so in case there is a data leak from the merchant website, the fraudster cannot misuse the card.

Q1) What is a Card-on-File transaction?

It is a transaction where cardholders authorizes merchants to store their payment information securely and bill cardholders’ stored accounts for future purchases.

Source: Tokenisation: RBI expands the scope of CoFT to debit cards issuing banks. Details here