RBI Facilitates Card-on-File Tokenisation Directly at Issuer Bank Level

The Reserve Bank of India (RBI) announced on December 20 a pivotal decision to enable Card-on-File Tokenisation (CoFT) directly through card-issuing banks or institutions. This marks a shift from the previous method where a Card-on-File (CoF) token could only be generated through a merchant’s application or webpage. The move is in alignment with the RBI’s commitment to enhancing user convenience and security in digital transactions.

Implementation of CoFT

The central bank introduced CoFT in September 2021, and its implementation commenced on October 1, 2022. In the October monetary policy, the RBI proposed the introduction of CoF token creation facilities directly at the issuer bank level. The measure aims to streamline the process for cardholders, allowing them to tokenize their cards for multiple merchant sites through a unified process.

Key Points and Requirements

1. Over 56 crore tokens have been created, with transactions exceeding Rs 5 lakh crore since the initiation of CoFT.
2. Tokenisation has demonstrated notable improvements in transaction security and approval rates.
3. The RBI specifies requirements for CoFT through card issuers, emphasizing AFA (Additional Factor of Authentication) validation.
4. Cardholders can initiate tokenisation through mobile banking or internet banking channels, ensuring explicit customer consent.
5. A comprehensive list of merchants, for whom tokenisation services are available, is provided by the card issuer.
6. The cardholder can choose merchants of preference for tokenisation, enhancing flexibility and control.
7. Token issuance may be executed by the card network, the issuer, or a combination of both.

Impact and Benefits

The direct enablement of CoFT at the issuer bank level is poised to significantly enhance user experience, providing cardholders with a seamless and secure means of managing tokens across various e-commerce applications.

Questions Related to Exams

Q: What is the recent announcement from the Reserve Bank of India (RBI)?

A: RBI has enabled Card-on-File Tokenisation (CoFT) directly through card-issuing banks, simplifying the process for cardholders.

Q: How does this impact users?

A: Users can now tokenize cards for multiple merchants through a unified process, enhancing convenience and security in digital transactions.

Q: What prompted this move?

A: The RBI’s October monetary policy proposed introducing CoFT at the issuer bank level, aiming to improve user experience and transaction security.

Q: What are the key requirements for CoFT through card issuers?

A: CoFT requires explicit customer consent, Additional Factor of Authentication (AFA) validation, and issuance options by the card network, issuer, or both.