The RBI governor, Shaktikanta Das, has recently put forward a proposal to implement card-on-file tokenisation (CoFT) functionality at the issuer-bank level in India, reported TOI. While card tokenisation represented a significant reform aimed at bolstering the security of online transactions, the Reserve Bank of India (RBI) has now introduced an additional layer of protection. This initiative will enhance the ease with which cardholders can generate and associate tokens with their accounts on e-commerce platforms.
However, what implications does this have for online shoppers and mobile customers? In 2020, the RBI mandated that payment aggregators and merchants should no longer retain actual card data, referred to as Card-on-File (CoF). Instead, all stored card data should undergo tokenisation. This functionality will initiate quicker checkouts, incorporating CVV and OTP authentication as an extra layer of security.
To put it simply, tokenisation substitutes card information with a distinctive algorithmically generated code known as a ‘token’. This token facilitates transactions while safeguarding the card details from exposure.
Tokenisation is a pivotal reform that significantly boosts the security of online transactions. Specifically, CoF tokenisation introduces an additional layer of safeguarding for card credentials, making it imperative for all cardholders to make use of this feature to protect their data, which might otherwise be susceptible during card transactions.
As previously mentioned, the RBI has introduced fresh CoFT avenues, thus, allowing credit and debit card users to create tokens using their bank's mobile app or website. This transition away from e-commerce platforms will address data security concerns associated with token creation.
To date, CoF tokens can only be generated within the merchant's application or webpage when making a payment. In the upcoming phase, users will have the capability to create tokens directly through their issuing bank. The anticipation is that once this functionality is in place, you will have the ability to generate and oversee your card tokens for e-commerce platforms directly through your bank account, much like configuring your credit limits and spending restrictions via online banking or banking apps. This provides you with enhanced control over the management of your card tokens, enabling you to add, alter, and remove tokens remotely, without the need to access the website.
Contrary to the misconception that this process is complex, it presents few difficulties for issuer banks, as many of them can utilize the established unified payment framework for token generation. This strategic step not only encourages safer and more secure card transactions but also improves transaction efficiency overall. Moreover, it is designed to counter fraud and reinforce the security of cardholder data.