RBI Introduces Card-on-File Tokenisation for Secure Online Transactions
To enhance online transaction security, the Reserve Bank of India (RBI) has introduced card-on-file (CoF) tokenisation, which lets users generate unique digital tokens for their debit or credit cards directly at the issuer bank level. The initiative aims to end the storage of card details at the payment service providers’ and merchants’ end, ensuring better security for online transactions.
Tokenisation replaces sensitive information, such as card details, with a unique digital token, making online transactions more secure and hassle-free for customers. The initiative has been endorsed by prominent figures such as Amitabh Bachchan, who has highlighted the benefits of tokenising cards to ensure secure online transactions without having to repeatedly input card details.
“Tokenisation refers to the replacement of actual card details with an alternate code called the ‘token’. It is used for recurring payments or in cases where merchants have stored the card details for providing faster checkout experience,” explains Rahul Jain, CFO of NTT DATA Payment Services India.
The process of tokenising a card involves several steps: a customer visits an e-commerce or merchant’s website, selects a card as the payment method, and enters all the card details. If the website offers the option to store the card details for a faster checkout experience, the customer should opt for the ‘secure your card as per RBI guidelines’ option to securely generate a token and have it stored according to RBI guidelines.
Upon receiving a one-time password (OTP) from the card issuer company, the customer enters the OTP on the bank page and the card details are sent for token generation and transaction authorization. The generated token is then sent back to the merchant and stored against the customer identification data, such as a mobile number or email address.
When customers revisit the same e-commerce or merchant website, the last four digits of the saved card are shown to help them recognize the card during the transaction, indicating that the card has been tokenised. A new token is generated for every merchant website where card details are required to be stored, ready for use in subsequent recurring or express checkout payment transactions.
It’s important to note that tokenisation does not involve the storage of card information by the merchant website. “The genuine payment details of the customer are securely stored by their bank in a protected token vault. Upon receiving the token from the credit card issuer and confirming its match with the account number, the bank verifies the transaction,” explains Akash Sinha, CEO and co-founder of Cashfree Payments, a payments and banking platform.
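The flow described above, as an added sketch in Python (not code from the RBI, any bank or any payment provider): a bank-side vault issues one token per card per merchant, and the merchant record holds only the token and the last four digits. The class and function names, the random hex token format and the rejection of a token presented by a different merchant are assumptions of this sketch; the OTP step is omitted.

```python
import secrets

class TokenVault:
    """Toy stand-in for the bank-side vault: the only place the card number lives."""

    def __init__(self):
        self._by_token = {}   # token -> (card number, merchant id)
        self._by_pair = {}    # (card number, merchant id) -> token

    def tokenise(self, card_number, merchant_id):
        """Return (token, last four digits); one token per card per merchant."""
        key = (card_number, merchant_id)
        if key not in self._by_pair:
            token = secrets.token_hex(8)  # random, not derived from the card number
            self._by_pair[key] = token
            self._by_token[token] = key
        return self._by_pair[key], card_number[-4:]

    def resolve(self, token, merchant_id):
        """Map a token back to the card number, only for the merchant it was issued to."""
        entry = self._by_token.get(token)
        if entry is None or entry[1] != merchant_id:
            raise PermissionError("token unknown or not issued to this merchant")
        return entry[0]


def save_card(vault, merchant_db, merchant_id, customer_ref, card_number):
    """Merchant-side 'save card' step: keep token + last four, never the card number."""
    token, last4 = vault.tokenise(card_number, merchant_id)
    merchant_db[customer_ref] = {"token": token, "last4": last4}
    return merchant_db[customer_ref]


def demo():
    card = "4111111111111111"  # constructed test number, not a real card
    vault = TokenVault()
    shop_a, shop_b = {}, {}    # each merchant's own customer store (hypothetical)
    rec_a = save_card(vault, shop_a, "shop-a", "user@example.com", card)
    rec_b = save_card(vault, shop_b, "shop-b", "user@example.com", card)
    try:
        vault.resolve(rec_a["token"], "shop-b")  # shop-a's token presented by shop-b
        cross_use = "accepted"
    except PermissionError:
        cross_use = "rejected"
    return rec_a, rec_b, vault.resolve(rec_a["token"], "shop-a"), cross_use

if __name__ == "__main__":
    print(demo())
```

A copy of one merchant's stored record exposes neither the card number nor a token that another merchant could use.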
While card tokenisation is not currently mandatory, customers can choose to tokenise their cards for more secure online transactions. If a customer opts not to create a token, they can continue to transact as before by entering card details manually at the time of initiating the transaction.