LI Network
Published on: December 21, 2023 at 16:43 IST
In a move aimed at enhancing convenience for cardholders, the Reserve Bank of India (RBI) announced the introduction of a Card-on-File (CoF) token facility at the level of banks and other financial institutions.
This new provision allows cardholders to seamlessly create and link tokens to their existing accounts with various e-commerce applications directly through their banks. Currently, CoF tokens can only be generated through the merchant’s application or webpage.
A CoF token is a unique 16-digit number assigned to a specific combination of card, token requestor, and merchant. Through tokenisation, the actual card details are substituted with secure token credentials that can only be utilized with the designated merchant.
The RBI stated in a circular, “It has been decided to enable Card-on-File Tokenisation (CoFT) directly through card-issuing banks/institutions also. This will provide cardholders with an additional choice to tokenise their cards for multiple merchant sites through a single process.”
CoF token generation through the card issuer can be facilitated via mobile banking and internet banking channels.
The RBI emphasized that CoFT generation should occur solely with explicit customer consent and must undergo Additional Factor of Authentication (AFA) validation.
The circular further outlined that if a cardholder chooses to tokenise their card for multiple merchants, AFA validation may be consolidated for all selected merchants. This move comes after the RBI’s recognition in October that tokenisation has enhanced transaction security and approval rates.
Introduced in September 2021, with implementation beginning on October 1 of the same year, the CoFT mechanism allows cardholders to tokenise their cards at their convenience, either upon receiving a new card or at a later date.
Additionally, card issuers are required to furnish a comprehensive list of merchants for whom tokenisation services are available.