The Reserve Bank of India has allowed all card-issuing banks and financial institutions to offer card-on-file tokenisation.
Through this, card users will now get a single point of tokenisation before they use multiple merchant sites, according to an official circular. However, it will only be done after customer consent.
Before this announcement, CoF tokenisation was only possible through a merchant's application or webpage.
But since tokenisation has improved the transaction security and approval rate, RBI Governor Shaktikanta Das proposed its extension to issuer banks as well in his monetary policy address on Oct. 6.
The central bank has also listed detailed requirements for enabling this at the issuing bank level.
These include:
CoF tokenisation through the issuer bank can be enabled through mobile banking and internet banking channels.
If a cardholder selects multiple merchants to tokenise their card, the additional factor of authentication must be combined for all merchants.
The cardholder may tokenise their card at any time.
The card issuer must provide a complete list of merchants for whom it can provide tokenisation services.
In June 2022, the RBI mandated card tokenisation for all online merchant transactions.
Ever since the CoF tokenisation introduction in September 2021, over 56 crore tokens have been created, on which transactions with a value of over Rs 5 lakh crore have been undertaken, Das said in his monetary policy address.