Card-on-file tokenization is an idea from RBI: more client convenience and tighter security

 Card-on-file tokenization is an idea from RBI: more client convenience and tighter security

Customers will have more control over managing their card tokens thanks to the card-on-file tokenization facility, which allows them to add and remove tokens without going via the merchant website. This facility is directly at the issuer-bank level.

In the near future, as opposed to now, you will be able to create card tokens on your bank's website or app while doing online purchasing. Token creation at e-commerce or merchant portals will no longer raise data security issues as a result. After the Reserve Bank of India (RBI) suggestion is put into effect, users will thus have more flexibility over how they manage their card tokens.

The establishment of a card-on-file tokenization (CoFT) option at the issuer-bank level was advocated by RBI Governor Shaktikanta Das on October 6 in light of the rising acceptability and advantages of tokenizing card data. The ability to generate tokens and connect them to their accounts with different e-commerce apps would increase convenience for cardholders as a result of this approach, he noted. The chance of your sensitive information being accessed by a third-party site in the event of a data breach will be eliminated since the tokenization will now only be carried out at the issuing bank's portal or app.

"RBI's announcement on CoFT enables cardholders to create tokens across merchants, reducing payment friction and the need to manually input card information," explains Khilan Haria, SVP and Head of Payments Product at Razorpay. The customer journey will be improved by this seamless user experience, and banks will benefit from higher activation and spending.

According to Rajsri Rengan, India Head of Development, Banking, and Payments at FIS, a fintech company, the idea to provide card-on-file tokenization directly at the card issuing bank is a game-changer for both cardholders and the financial sector as a whole.

Advantages of CoFT 

Up until this point, CoFT was only possible during the payment process on a merchant application or website.

According to Adhil Shetty, CEO of BankBazaar.com, "Once this is enacted, the expectation is that you are going to able to generate and administer your card tokens for e-commerce sites directly from your financial institution's website, pretty much including managing your credit and spending limits over online banking or your banking app." He continues by saying that doing this provides you more flexibility in managing your card token and enables you to add and remove tokens without going to the retailer's website.

According to Rahul Jain, CFO of NTT DATA Payment Services in India, "CoFT enables cardholder with an extra layer of protection, shielding data which would otherwise be vulnerable during card transactions."

Also read: RBI suggests modifications to the internal ombudsman structure for banks

minimal difficulties

For issuing banks, "this process poses minimal challenges, as most of them could capitalize on the existing unified settlement framework for token creation," claims Jain.

Tokenization: What is it? 

When a debit or credit card is tokenized, the 16-digit number is replaced with a one-of-a-kind token that is specific to just your card and to one particular merchant at a time. The token hides your card's actual information, preventing fraudsters from abusing it if there is a data breach on the retailer website.

Online purchases, mobile point-of-sale purchases, and in-app purchases may all be made using tokens. The most secure method to transact is using a token since it never includes personal information and is constantly changing.

Although card tokenization is a fairly safe technology, Sumanta Mandal, the founder of TechnoFino, a website that follows the Indian credit card market, warns cardholders that your payment will still go through even if you input the incorrect CVV.

For instance, if you have stored your credit card token on Amazon, your payment will still be valid after entering the OTP even if you input the incorrect CVV during a transaction. The banks must examine this problem and find a quick solution.