Tokenisation: RBI expands the scope of CoFT to debit cards issuing banks. Details here

livemint.com:

digital payments more secure, safe and sound, The Reserve Bank of India (RBI) has now enabled card-on-file tokenisation (CoFT) through card issuing banks and institutions. So far, the tokenisation services were provided through merchants. The banking regulator, however, announced in a statement dated Oct 6 this year on development and regulatory policies that CoFT will soon be carried out directly through card issuing banks and institutions as well.

As a follow-up measure, RBI issued a notification on Wednesday to announce that CoFT has now been enabled directly through card issuing banks and institutions. The latest measure is aimed to enhance convenience for cardholders to get tokens created and linked to their existing accounts with various e-commerce applications. 1.

Generation of CoFT tokens for a card can be enabled through mobile banking and internet banking channels. 2. The token can be generated only on explicit customer consent and with AFA validation.

3. The cardholder may tokenise the card at any time of their convenience, either on receipt of the new card or at a later stage 4. The cardholder can select the merchants with whom he/she wishes to maintain tokens.

5. The card token so issued may be either by the card network or the issuer or both. The card details when stored with a merchant is known as card-on-file (CoF).

It was a common practice for merchants to store card details with them. In fact, some merchants would compel the users to store card details on their app or web page before making payment. This free availability of information used to compromise the safety of financial data of users.