RBI extends deadline for card tokenisation till 30 Sept

  • Currently, many entities, including merchants, involved in an online card transaction chain store card data like card number, expiry date, etc. Card-on-File (CoF) citing cardholder convenience and comfort for undertaking transactions in future.

Livemint
Updated26 Jun 2022
The CoF Tokenisation (CoFT) services framework obviates the need to store card details with merchants and provides the same level of convenience to cardholders.
The CoF Tokenisation (CoFT) services framework obviates the need to store card details with merchants and provides the same level of convenience to cardholders.(iStock)

The Reserve Bank of India (RBI) on Friday extended the timeline for tokenisation of debit and credit cards by another three months till September 30, 2022. The decision was made in consultation with the stakeholders and to avoid disruption and inconvenience to cardholders. Earlier the due date for card tokenisation was set on June 30, 2022.

In a statement, RBI said this extended time period may be utilised by the industry for, (a) facilitating all stakeholders to be ready for handling tokenised transactions; (b) processing transactions based on tokens; (c) implementing an alternate mechanism(s) to handle all post-transaction activities (including chargeback handling and settlement) related to guest checkout transactions, that currently involve /require storage of CoF data by entities other than card issuers and card networks; and (d) creating public awareness about the process of creating tokens and using them to undertake transactions.

At present, many entities including merchants, involved in an online card transaction chain store card data like card number, expiry date, etc. citing cardholder convenience and comfort for undertaking transactions in the future.

Although, this practice does bring in convenience and availability of card details with multiple entities, however, it is also a risker as card data can be misused or stolen.

There have been occasions where card data stored by merchants or other entities have been comprised.

According to RBI, given the fact that many jurisdictions do not mandate Additional Factor of Authentication (AFA) for authenticating card transactions, stolen data in the hands of fraudsters may result in unauthorised transactions and resultant monetary loss to cardholders. Within India as well, social engineering techniques can be employed to perpetrate frauds using such data.

Thereby, last year in December, RBI mandated entities other than card networks and card issuers to not store debit or credit card data with them.

Further, RBI also issued a framework for CoF Tokenisation (CoFT) services.

Under the framework, RBI directs cardholders can create “tokens” (a unique alternate code) in lieu of card details; these tokens can then be stored by the merchants for processing transactions in the future.

Thereby, CoFT obviates the need to store card details with merchants and provides the same level of convenience to cardholders.

Data from RBI showed that to date, about 19.5 crore tokens have been created. It needs to be noted that opting for CoFT (i.e., creating tokens) is voluntary for the cardholders.

Hence, those who do not wish to create a token can continue to transact as before by entering card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transaction”).

RBI encourages cardholders to tokenise their cards for their safety. It said, "Cardholders’ payment experience will be enhanced through an added layer of security by way of tokenisation."

For creating a token under the CoFT framework, as per RBI:

- The cardholder has to undergo a one-time registration process for each card at every online / e-commerce merchant’s website/mobile application, by entering the card details and giving consent for creating a token.

- This consent is validated by way of authentication through an AFA.

- Thereafter, a token is created which is specific to the card and online/e-commerce merchant, i.e., the token cannot be used for payment at any other merchant.

- For future transactions performed at the same merchant website/mobile application, the cardholder can identify the card with the last four digits during the checkout process.

Thus, the cardholder is not required to remember or enter the token for future transactions. A card can be tokenised at any number of online/e-commerce merchants. For every online/e-commerce merchant where the card is tokenised, a specific token will be created.

Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.MoreLess
HomeNewsIndiaRBI extends deadline for card tokenisation till 30 Sept

Most Active Stocks

Bharat Electronics

309.55
10:29 AM | 14 JUN 2024
8.6 (2.86%)

Indian Oil Corporation

170.30
10:25 AM | 14 JUN 2024
1.2 (0.71%)

HDFC Bank

1,597.45
10:28 AM | 14 JUN 2024
16.55 (1.05%)

State Bank Of India

840.20
10:29 AM | 14 JUN 2024
-3.7 (-0.44%)
More Active Stocks

Market Snapshot

  • Top Gainers
  • Top Losers
  • 52 Week High

JK Paper

490.70
10:25 AM | 14 JUN 2024
44.35 (9.94%)

KRBL

310.05
10:22 AM | 14 JUN 2024
23.05 (8.03%)

Poly Medicure

2,003.00
09:59 AM | 14 JUN 2024
142.9 (7.68%)

KEC International

935.20
10:25 AM | 14 JUN 2024
66.25 (7.62%)
More from Top Gainers

Recommended For You

    More Recommendations

    Gold Prices

    • 24K
    • 22K
    Bangalore
    73,806.000.00
    Chennai
    73,806.000.00
    Delhi
    73,735.000.00
    Kolkata
    73,088.000.00

    Fuel Price

    • Petrol
    • Diesel
    Bangalore
    99.84/L0.00
    Chennai
    100.75/L0.00
    Kolkata
    103.94/L0.00
    New Delhi
    94.72/L0.00
    OPEN IN APP
    HomeMarketsPremiumInstant LoanGet App