adsense

Showing posts with label Card-on-File. Show all posts
Showing posts with label Card-on-File. Show all posts

Friday, October 6, 2023

Introducing new channels for Card-on-File Tokenisation

 Introducing new channels for Card-on-File Tokenisation



The Reserve Bank of India (RBI) introduced Card-on-File Tokenisation (CoFT) in September 2021, marking a significant step in enhancing the security and efficiency of electronic transactions.

The implementation of CoFT began on October 1, 2022, and its impact has been noteworthy.

To date, more than 56 crore tokens have been generated, facilitating transactions totaling over ₹5 lakh crore.

This demonstrates the widespread adoption and acceptance of tokenisation as a security measure in the digital payment landscape.

Tokenisation has played a crucial role in bolstering transaction security, ensuring that sensitive card details are shielded from potential security breaches.

Additionally, it has contributed to an improved transaction approval rate, making electronic payments smoother and more reliable for both consumers and merchants.

Previously, the creation of Card-on-File (CoF) tokens was primarily the domain of merchants, involving their applications or webpages.

However, there is now a proposal to expand the token creation process directly at the issuer bank level.

 

This proposed measure holds the promise of greater convenience for cardholders, as they will have the option to easily create tokens and link them to their existing accounts with various e-commerce applications.

This step is poised to simplify and streamline the tokenisation process, ultimately benefiting consumers and promoting the adoption of secure digital payments.

RBI is set to issue specific instructions regarding this enhancement, further solidifying its commitment to advancing the security and accessibility of electronic transactions.

Tokenization is the process of converting actual card details into a unique token, while de-tokenization involves converting the token back into the original card details.

Tokenization offers enhanced security for card transactions because it prevents the sharing of actual card details with merchants during transaction processing. Instead, a token representing the card is used, minimizing the risk of sensitive information exposure.

Customers can initiate tokenization by requesting it through an app provided by the token requestor. The request is then sent to the card network, which, with the consent of the card issuer, generates a corresponding token for that specific card, token requestor, and device.

Tokenization is permitted on various consumer devices such as mobile phones, tablets, laptops, wearables, and IoT devices for different use cases, including contactless card transactions, payments through QR codes, and app-based payments.

Tokenization and de-tokenization can be performed by authorized card networks or card issuers. The RBI provides a list of authorized card networks operating in India.

 

In tokenized card transactions, key stakeholders include the merchant, merchant's acquirer, token service provider, token requestor, issuer, and the customer. However, other entities may also participate in the transaction.

Card details, tokens, and relevant information are securely stored by the token service provider, ensuring the safety of customer data. Token requestors must meet international safety and security standards.

Tokenization is not mandatory for customers; they have the choice to decide whether to tokenize their cards. Customers can also select tokenization for specific use cases like contactless, QR code-based, or in-app payments.

Registration for tokenization requires explicit customer consent through Additional Factor of Authentication (AFA), ensuring customers are fully aware and in control of the process.

Customers can set and modify transaction limits for tokenized card transactions, allowing them to customize their security preferences.

Customers can request tokenization for any number of cards, and they are free to use any of the registered cards with the token requestor app for transactions.

 

Additional Reading:

Tokenisation – Card transactions dt.Jan 08, 2019 @ https://www.rbi.org.in/scripts/FS_Notification.aspx?Id=11449&fn=9&Mode=0

Tokenisation – Card Transactions: Permitting Card-on-File Tokenisation (CoFT) Services dt.September 07, 2021 @ https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12159&Mode=0

 

MasterCard Issuer-Initiated Tokenization @ https://developer.mastercard.com/mdes-pre-digitization/documentation/use_case/issuer-tokenization/

 

Disclaimer: These views represent my personal perspective and understanding at the moment. As operating guidelines evolve and become more defined, my understanding may also evolve. However, our unwavering commitment remains focused on spreading the Joy of Safe ePayments.

 

Diabetes Care Motivator #DiabetesCareMotivator

 

 

Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)

LinkWithin

Related Posts with Thumbnails

Disclaimer

The thoughts in this BLOG are personal, and reflect only my view on the subject.
This are not the views of my Employers.
All images, logos rights rest with the Original TitleHolders

All efforts have been made to make this information as accurate as possible, N Prashant will not be responsible for any loss to any person caused by inaccuracy in the information available on this Website. Relevent Official Gazettes Communications may be consulted for an accurate information. Any discrepancy found may be brought to the notice of N Prashant