The Reserve Bank of India (RBI) extended the timeline for tokenisation of debit and credit cards by three months till 30th September, 2022 to avoid disruption and inconvenience to cardholders.
- After 30th September, no entity in the card transaction or payment chain, other than the card issuers and card networks, should store the CoF (Card-on-File data or storage of actual card data) and any such data stored previously will be done away with.
- Tokenisation refers to replacement of actual credit and debit card details with an alternate code called the “token”, which will be unique for a combination of card, token requestor and device.
- A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing.
- Customers who do not have the tokenisation facility will have to key in their name, 16-digit card number, expiry date and CVV each time they order something online.
- As of now, about 19.5 crore tokens have been created. Opting for CoFT (creating tokens) is voluntary for the cardholders.
- Card-on-File: A CoF transaction is a transaction where a cardholder has authorised a merchant to store the cardholder’s Mastercard or Visa payment details.
- The cardholder then authorises that same merchant to bill the cardholder’s stored Mastercard or Visa account.
- E-commerce companies and airlines and supermarket chains normally store card details in their system.