To protect the interests of the cardholders, RBI has mandated that with effect from October 1, 2022, entities other than card networks and card issuers cannot store card data, such as card number, expiry date etc. (Card-on-File or CoF). At the same time, to ensure that cardholders are not inconvenienced, RBI introduced CoF Tokenisation.
Tokenisation is done so that the cardholders continue to enjoy the convenience of not entering card details for every transaction; at the same time the merchant does not store or use the card details which prevents potential loss of card details and associated misuse.
What is Tokenisation or Card-on-File (CoF) Tokenisation?
1. Tokenisation (or CoF Tokenisation) can be done at any time of convenience.
2. Tokenisation is the process of replacing the debite or credit card details with a unique alternate code called a “token”.
3. Tokenisation is prescribed only for online/ e- commerce transactions and not for face to face or Point of sale (PoS) transaction.
4. A token cannot be used for payment to any merchant other than the merchant for whom it is created.
5. Tokenisation need to be done only once for each card and at each online/ e- commerce merchant. Each token is unique to a particular card and a particular online/ e-
commerce merchant. Cardholder can tokenise a card at any number of online/ e- commerce merchant.
6. Once the token is created, cardholder need not enter or remember token details for undertaking transaction in future. For identifying tokenised card, the last four digit of the card will be displayed during the checkout process.
7. Cardholders shall also have an option to de-register their tokens, at their own choice.
How to Tokenise a card?
1. To opt for tokenisation, cardholders has to do a one-time registration at the merchant website/ application.
2. To register, cardholder has to enter card details and provide consent. The card issuer will validate the consent through an additional Factor of Authentication like an OTP.