The Reserve Bank of India (RBI) has broadened the scope of card tokenisation for both debit and credit cards, aiming to bolster the security of digital payments. Formerly limited to merchant applications or websites, individuals can now tokenise their cards through internet and mobile banking services.

In a circular, RBI announced, “It has been decided to enable card-on-file tokenisation directly through card-issuing banks/institutions also. This will provide cardholders with an additional choice to tokenise their cards for multiple merchant sites through a single process.” The move is part of RBI’s efforts to enhance the safety and security of digital transactions.

The circular also emphasizes that the generation of Card-on-File (CoF) tokens should only occur with explicit customer consent and must undergo Additional Factor of Authentication (AFA) validation. Additionally, if a cardholder selects multiple merchants for tokenisation, AFA validation may be combined for all these merchants.

Furthermore, card issuers are required to provide a comprehensive list of merchants for whom they can provide tokenisation services. The expansion of card tokenisation is a significant step towards securing digital payment ecosystems and preventing unauthorized access to sensitive card information.

Previously, merchants were known to store card details, which posed a risk to users’ financial data security. To address this concern, RBI introduced tokenisation in September 2021, where a unique token is generated for each transaction instead of storing actual card details. The implementation of Card-on-File tokenisation (CoFT) from October 1, 2022, has further strengthened security measures in digital transactions.

According to a report by global payments operator Visa, India has issued approximately 560 million card tokens since October last year, following RBI’s directive to tokenise cards for ecommerce transactions. This move is expected to significantly reduce the risk of data breaches and enhance the overall security of digital payments in the country.

The Reserve Bank of India (RBI) has broadened the scope of card tokenisation for both debit and credit cards, aiming to bolster the security of digital payments. Formerly limited to merchant applications or websites, individuals can now tokenise their cards through internet and mobile banking services.

In a circular, RBI announced, “It has been decided to enable card-on-file tokenisation directly through card-issuing banks/institutions also. This will provide cardholders with an additional choice to tokenise their cards for multiple merchant sites through a single process.” The move is part of RBI’s efforts to enhance the safety and security of digital transactions.

The circular also emphasizes that the generation of Card-on-File (CoF) tokens should only occur with explicit customer consent and must undergo Additional Factor of Authentication (AFA) validation. Additionally, if a cardholder selects multiple merchants for tokenisation, AFA validation may be combined for all these merchants.

Furthermore, card issuers are required to provide a comprehensive list of merchants for whom they can provide tokenisation services. The expansion of card tokenisation is a significant step towards securing digital payment ecosystems and preventing unauthorized access to sensitive card information.

Previously, merchants were known to store card details, which posed a risk to users’ financial data security. To address this concern, RBI introduced tokenisation in September 2021, where a unique token is generated for each transaction instead of storing actual card details. The implementation of Card-on-File tokenisation (CoFT) from October 1, 2022, has further strengthened security measures in digital transactions.

According to a report by global payments operator Visa, India has issued approximately 560 million card tokens since October last year, following RBI’s directive to tokenise cards for ecommerce transactions. This move is expected to significantly reduce the risk of data breaches and enhance the overall security of digital payments in the country.