The rules for online transactions for debit and credit cards is all set to change from October 1 as the Reserve Bank of India’s (RBI) card-on-file (CoF) tokenisation norms come into effect from , 2022. With this norm, the payment experience of cardholders is expected to improve. The earlier deadline for RBI’s new tokenisation guidelines was July 1, however, it was extended to September 30, on the back of various representations received from stakeholders.
If media reports are to be believed, most of the large merchants have complied with the RBI’s card-on-file (CoF) tokenisation norms and 19.5 crore tokens have been issued so far. The RBI last September prohibited merchants from storing customer card details on their servers with effect from January 1, 2022, and mandated the adoption of CoF tokenisation as an alternative to card storage.
A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing. Once the card-on-file (CoF) tokenisation norms are implemented, platforms won’t be able to store the card details of a shopper in any form.
The card holder can get the card tokenised by initiating a request on the app provided by the token requestor. The token requestor will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device.
For example, when customers buy anything on e-commerce site like Flipkart, Amazon for the first time, they are asked to enter the 16-digit debit/credit card number and then the CVV code. But while making the second purchase from the same e-retailer one have to enter only the CVV as the site has already saved the 16-digit card number.
However, with the new norms, customers have to enter their entire card details while making buying something. After this, tokenisation will be initiated by the merchant. Customers will be asked for consent, after which the merchant will send the request to the card network which will create a token. That token will act as a proxy to the 16-digit card number and send it back to the merchant.