Card-On-File Tokenization : Reserve Bank Of India
In order to make digital payments more secure, safe and sound the Reserve Bank of India (RBI) has now enabled card-on-file tokenization (CoFT) through card issuing banks and institutions.
- Tokenization refers to replacement of actual credit and debit card details with an alternate code called the “token”.
- It is a combination of card, token requestor and device.
- The card detail when stored with a merchant is known as card-on-file (CoF).
- This token is a randomly generated string of characters that has no intrinsic value and is meaningless outside of the context of a specific transaction.
- The token is used as a surrogate for the actual card details, making it more secure to store and transmit.
- Generation of CoFT tokens for a card can be enabled through mobile banking and internet banking channels.
- The token can be generated only on explicit customer consent and with AFA (additional factor authentication) validation.
- The cardholder may tokenize the card at any time of their convenience, either on receipt of the new card or at a later stage.
- The cardholder can select the merchants with whom he/she wishes to maintain tokens.
- The card token so issued may be either by the card network or the issuer or both.