After extending the deadlines for three times, the Reserve Bank of India (RBI) is set to roll out its card-on-file tokenisation norms from October 1. Here is all you need to know about card tokenisation:
Card-on-file, or CoF, refers to card information stored by payment gateway and merchants to process future transactions. Tokenisation is the process of replacing actual card details with a unique alternate code called 'Token' - thereby enabling more secure transactions.
A cardholder can initiate a request on the app provided by the token requestor to get their card tokenised. The request will then be forwarded to the card network, which will then, with the consent of the card issuer, will issue a token. The token will be corresponding to the card combination, the device, and the token requestor.
Customers can get their cards tokenised without paying any charges for the service. Only authorised card networks and entities, approved by the RBI, can perform card tokenisation.
Even though tokenisation of debit and credit cards is not mandatory but it has been advised by RBI that a tokenised card will ensure that there are lesser frauds committed in terms of domestic online payments.
Credit card and debit card tokenisation does not allow merchants to store your data, and also gives an added layer of protection through entering your CVV and the OTP received, thereby making online transactions more safe.
Prior to this, the RBI gave the payments ecosystem time till September 30 for purging all card-on-file (CoF) data, the third extension in the last one-and-a-half years.