What is Card-on-File Tokenization?

1 min read
What is Card-on-File Tokenization? Blog Image


In order to make digital payments more secure, safe and sound the Reserve Bank of India (RBI) has now enabled card-on-file tokenisation (CoFT) through card issuing banks and institutions.

About Card-on-File Tokenization

  • Tokenisation refers to replacement of actual credit and debit card details with an alternate code called the “token”.
  • It is a combination of card, token requestor and device.
  • The card detail when stored with a merchant is known as card-on-file (CoF). 
  • This token is a randomly generated string of characters that has no intrinsic value and is meaningless outside of the context of a specific transaction.
  • The token is used as a surrogate for the actual card details, making it more secure to store and transmit.
  • Requirements for enabling CoFT through card issuers:
    • Generation of CoFT tokens for a card can be enabled through mobile banking and internet banking channels.
    • The token can be generated only on explicit customer consent and with AFA (additional factor authentication) validation.
    • The cardholder may tokenise the card at any time of their convenience, either on receipt of the new card or at a later stage
    • The cardholder can select the merchants with whom he/she wishes to maintain tokens.
    • The card token so issued may be either by the card network or the issuer or both.
  • Advantage
    • Tokenisation replaces a debit or credit card’s 16-digit number with a unique token that is specific to just your card and is valid for one merchant at a time.
    • The token masks the true details of your card, so in case there is a data leak from the merchant website, the fraudster cannot misuse the card.

Q1) What is a Card-on-File transaction?

It is a transaction where cardholders authorizes merchants to store their payment information securely and bill cardholders’ stored accounts for future purchases.

Source: Tokenisation: RBI expands the scope of CoFT to debit cards issuing banks. Details here