The Reserve Bank of India has enabled Card-on-File Tokenisation (CoFT) directly through card issuing banks / institutions also. This will provide cardholders with an additional choice to tokenise their cards for multiple merchant sites through a single process, the central bank said in a notification.
Generation of CoF Tokens for a card, through the card issuer, can be enabled through mobile banking and internet banking channels, it said.
CoFT generation shall be done only on explicit customer consent, and with AFA validation. If the cardholder selects multiple merchants for which to tokenise
his/her card, AFA validation may be combined for all these merchants. The tokens thus generated shall be made available on the merchant’s payment
page, in the cardholder’s account with the merchant, it added.
The cardholder may tokenise the card at any time of his convenience, either on receipt of the new card or later, the RBI said.
The card issuer shall provide a complete list of merchants for whom it can provide tokenisation services. The cardholders shall select the merchants with whom he/she wishes to maintain tokens. (Alternatively – “The cardholder can make his selection from the list”).
The card token so issued may be either by the card network or the issuer or both, it said.