To protect the interests of cardholders, RBI has mandated that with effect from October 1, 2022, entities other than card networks and card issuers cannot store card data, such as card number, expiry date, etc.
- At the same time, to ensure that cardholders are not inconvenienced, RBI introduced CoF Tokenisation.
Objectives of Tokenisation
- Tokenisation is done so that the cardholder continues to enjoy the convenience of not entering card details for every transaction; at the same time the merchant does not store or use the card details which prevents potential loss of card details and associated misuse.
- Use of tokens augments safety and convenience of card transactions and is in the interest of cardholders.
What is Tokenisation or Card-on-File (CoF) Tokenisation?
- Tokenisation (or CoF Tokenisation) can be done at any time of convenience.
- Tokenisation is the process of replacing the debit or credit card details with a unique alternate code called a “token”.
- Tokenisation is prescribed only for online / e-commerce transactions, and not for face-to-face or Point of Sale (PoS) transactions.
- Tokenisation needs to be done only once for each card and at each online / e-commerce merchant.
- Each token is unique to a particular card and a particular online / e-commerce merchant.
- Cardholder can tokenise a card at any number of online / e-commerce merchants.
- A token cannot be used for payment to any merchant other than the merchant for whom it is created.
- Once the token is created, cardholder need not enter or remember token details for undertaking transactions in future.
- For identifying the tokenised card, the last four digits of the card will be displayed during the checkout process.
- Cardholders shall also have an option to de-register their tokens, at their own choice.