New Delhi: In a move towards enhancing digital security, the Reserve Bank of India (RBI) has expanded the scope of tokenization for debit and credit cards. Previously limited to merchant applications or websites, individuals can now tokenize their cards conveniently through the Internet and mobile banking services.
The RBI has permitted the use of Card-on-File Tokenisation (CoFT) through card-issuing banks or institutions. This allows cardholders to tokenize their cards for multiple merchant sites using a single streamlined process. (Also Read: Google Maps New Features Coming In 2024 For Indian Users: Check)
The tokenized card transaction method is deemed safer, as it ensures that the actual card details are not shared with the merchant during transaction processing, per RBI guidelines. (Also Read: OnePlus 12 Series Launch Event In India: Check Ticket Price, Availability, Where To Buy, And More)
Under CoFT, a token represents a 16-digit number unique to a combination of the card, token requestor, and merchant. Through tokenization, the real card details are substituted with token credentials, ensuring they can only be used with the intended merchant.
The generation of CoFT tokens for a card is now facilitated through mobile banking and Internet banking channels, providing customers with flexibility.
This process can be initiated upon receiving a new card or at a later time. Card issuers are required to furnish a comprehensive list of merchants offering tokenization services. Cardholders, in turn, can choose the merchants with whom they wish to maintain tokens.
The issuance of the card token may be carried out by the card network the issuer, or both. Importantly, tokenization can only occur with explicit customer consent and requires additional factor authentication (AFA) validation to ensure a secure process.
For cardholders selecting multiple merchants for tokenization, AFA validation may be combined for all the chosen merchants. The RBI introduced the tokenization facility on October 1, 2022, aligning with the broader efforts to enhance digital security and offer users more control over their card information in the digital realm.