RBI Proposes Issuer-Bank Level Card-on-File Tokenisation (CoFT) Facility

  • 09 Oct 2023

Recently, Reserve Bank of India (RBI) Governor has put forth a proposal to introduce card-on-file tokenisation (CoFT) at the issuer-bank level, emphasizing the growing acceptance and advantages of card data tokenisation.

Key Points

  • Introduction of CoFT Facility: Governor announced the proposal for the introduction of card-on-file tokenisation (CoFT) at the issuer-bank level.
  • RBI's CoFT Channels: RBI had previously introduced new channels for card-on-file tokenisation in September 2021, with implementation beginning on October 1, 2022.
  • These channels allow credit/debit card users to generate card tokens on their bank's website or app, eliminating the need to do so on e-commerce platforms during online shopping.
  • Data Security Benefits: The proposal aims to address data security concerns related to token generation on e-commerce or merchant portals.
  • It offers consumers greater control over managing their card tokens.
  • RBI's Card Tokenisation Impact: Since the introduction of Card-on-File Tokenisation (CoFT), over 56 crore tokens have reportedly been created, facilitating transactions worth over Rs 5 lakh crore.
  • Streamlined Token Creation: Previously, cardholders had to generate different tokens through each merchant's application or website, which required time and effort.
  • With the new approach, tokens will be created at the issuer bank level and linked to users' existing accounts with various e-commerce applications.
  • This eliminates the need for duplication of the tokenisation process at each app or website, enhancing transaction security and reducing card-data-related fraud.
  • Understanding Tokenisation: Tokenisation replaces a debit or credit card's 16-digit number with a unique token specific to the user's card and a particular merchant for a single transaction.
  • This token conceals the card's actual details, safeguarding it in case of data leaks from merchant websites. Tokens contain no personal information and change with each use.
  • Customers can choose whether to opt for card tokenisation, applicable to both debit and credit cards, for future online purchases.