To make digital payments more secure, safe and sound, the Reserve Bank of India (RBI) has now enabled card-on-file tokenisation (CoFT) through card-issuing banks and institutions.
About Card-on-File Tokenization
- Tokenisation refers to replacement of actual credit and debit card details with an alternate code called the “token”.
- Each token corresponds to a combination of card, token requestor and device.
- The card detail when stored with a merchant is known as card-on-file (CoF).
- This token is a randomly generated string of characters that has no intrinsic value and is meaningless outside of the context of a specific transaction.
- The token is used as a surrogate for the actual card details, making it more secure to store and transmit.
- Requirements for enabling CoFT through card issuers:
  - Generation of CoFT tokens for a card can be enabled through mobile banking and internet banking channels.
  - The token can be generated only on explicit customer consent and with AFA (additional factor authentication) validation.
  - The cardholder may tokenise the card at any time of their convenience, either on receipt of the new card or at a later stage.
  - The cardholder can select the merchants with whom he/she wishes to maintain tokens.
  - The card token so issued may be either by the card network or the issuer or both.
- Tokenisation replaces a debit or credit card’s 16-digit number with a unique token that is specific to just your card and is valid for one merchant at a time.
- The token masks the true details of your card, so in case there is a data leak from the merchant website, the fraudster cannot misuse the card.
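The behaviour described in the list above, as a minimal sketch added here; it is not code from RBI, a card network or an issuer. The `TokenVault` class, its method names, the 16-character token format and the sample card number are all assumptions made for illustration.

```python
import secrets

class TokenVault:
    """Toy vault held by the issuer or card network, never by the merchant."""

    def __init__(self):
        self._by_token = {}    # token -> (card, requestor, device)
        self._by_binding = {}  # (card, requestor, device) -> token

    def tokenise(self, card, requestor, device, consent, afa_ok):
        # Tokens are issued only on explicit consent plus AFA validation.
        if not (consent and afa_ok):
            raise PermissionError("consent and AFA validation required")
        binding = (card, requestor, device)
        if binding not in self._by_binding:
            token = secrets.token_hex(8)  # random, not derived from the card
            self._by_binding[binding] = token
            self._by_token[token] = binding
        return self._by_binding[binding]

    def resolve(self, token, requestor, device):
        # The card number comes back only in the context the token was made for.
        binding = self._by_token.get(token)
        if binding is None or binding[1:] != (requestor, device):
            return None
        return binding[0]

    def revoke(self, token):
        # The cardholder stops maintaining this token with a merchant.
        binding = self._by_token.pop(token, None)
        if binding is not None:
            del self._by_binding[binding]

def leaked_records_usable_elsewhere(vault, leaked_tokens, requestor, device):
    """Count leaked tokens that another requestor could turn back into a card."""
    return sum(vault.resolve(t, requestor, device) is not None for t in leaked_tokens)

if __name__ == "__main__":
    vault = TokenVault()
    card = "4111111111111111"  # constructed test number, not a real card
    t_a = vault.tokenise(card, "merchant-a", "phone-1", True, True)
    t_b = vault.tokenise(card, "merchant-b", "phone-1", True, True)
    print("merchant-a stores:", t_a, "| merchant-b stores:", t_b)
    print("usable by merchant-b after a merchant-a leak:",
          leaked_records_usable_elsewhere(vault, [t_a], "merchant-b", "phone-1"))
```

The merchant's database holds only the token, so a copy of that database gives an outsider nothing that resolves to the card under any other requestor.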
Q1) What is a Card-on-File transaction?
It is a transaction where cardholders authorize merchants to store their payment information securely and bill the cardholders' stored accounts for future purchases.