You can soon create your card tokens directly from your bank account

New Delhi, Oct 9, 2023 

Until now, the cardholders had to create different tokens through each merchant's application or webpage. This would require time and effort from the users. 

You will soon be allowed to generate card tokens on your bank’s website or app instead of e-commerce websites / apps while shopping online, thereby eliminating data security concerns regarding token generation at e-commerce or merchant portals.

Tokenisation refers to replacement of actual card details with an alternate code called the “token”, which shall be unique for a combination of card, token requestor (i.e. the entity which accepts request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token) and device (referred hereafter as “identified device”).

A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing.

RBI introduced Card-on-File Tokenisation (CoFT) in September 2021 and began implementation from October 1, 2022. Currently, ,Card-on-File(CoF) token can only be created through merchant’s application or webpage. The Reserve Bank of India has now proposed to introduce CoF token creation facilities directly at the issuer bank level.

This measure will enhance convenience for cardholders to get tokens created and linked to their existing accounts with various e-commerce applications.

"The proposal to introduce card-on-file tokenization directly at the bank level is a game-changer for cardholders and the financial industry as a whole. It enhances convenience and security, reducing the friction associated with digital transactions. This forward-looking initiative reflects the RBI’s commitment to fostering a robust and secure payments landscape in India," said Dr. Soumya Kanti Ghosh, Group Chief Economic Adviser, at State Bank of India.

So far, over 56 crore tokens have been created on which transactions with value of over Rs 5 lakh crore have been undertaken.

Tokenisation has improved transaction security and transaction approval rate.

With the introduction of new channels for Card-On-File (CoF) tokenisation, the volume of tokenised transactions will accelerate rapidly while enhancing convenience for cardholders.

Until now, the cardholders had to create different tokens through each merchant’s application or webpage. This would require time and effort from the users. Going forward, tokens will be created at the issuer bank level and linked to their existing accounts with various e-commerce applications.

"This will eliminate the duplication of tokenisation process at each app or website along with increased transaction security, resulting in reduced card-data-related frauds. This strategic move aligns with the evolving landscape of digital payments, ensuring a safer and more user-friendly ecosystem for consumers and merchants alike," said Mandar Agashe, Founder & Vice Chairman at Sarvatra Technologies.

Once the move is implemented, would be able to create and manage your card tokens for e-commerce sites directly from your bank account, similar to setting your credit and spending limits over net banking or your banking app.

"Unsafe use of credit cards puts your finances at risk. The RBI took cognisance of these unsafe practices and issued guidelines for the tokenisation of data. It is a safer method as the actual card details are not shared with a merchant during a transaction. The customer’s details are converted into a token, and a transaction takes place through it without any personal details being shared by the card owner. With tokenisation, customers can register or de-register their card for a particular use, i.e., contactless, QR code-based, in-app payments etc," said Adhil Shetty of Bankbazaar.

"RBI’s announcement on CoFT empowers cardholders to create tokens across merchants, eliminating payment friction and the need to manually enter card data. This seamless user experience will enhance the customer journey while also aiding banks with increased activation and spends," said Khilan Haria, SVP and Head of Payments Product, Razorpay.

Tokenisation has been allowed on consumer devices like mobile phones, tablets, laptops, desktops, wearables (wrist watches, bands, etc.), Internet of Things (IoT) devices, etc, for all use cases / channels (e.g., contactless card transactions, payments through QR codes, apps etc.

"The proposal to introduce card-on-file tokenization directly at the bank level enhances convenience and security, reducing the friction associated with digital transactions," said Rajsri Rengan, India Head of Development, Banking and Payments, at FIS.

[The Business Standard]