The Reserve Bank of India has extended the timeline for tokenization of debit and credit cards by three months till September 30, 2022 to avoid disruption and inconvenience to cardholders.
The RBI had earlier mandated that after December 31, 2021, entities other than card networks and card issuers cannot store card data, subsequently extending the deadline to June 30, 2022. A framework for Card on File Tokenization (CoFT) services was also issued.
According to the RBI, this extended time period may be utilised by the industry for facilitating all stakeholders to be ready for handling tokenized transactions and processing transactions based on tokens.
According to the RBI, the industry stakeholders have highlighted some issues related to implementation of the framework in respect of guest checkout transactions. Also, the number of transactions processed using tokens is yet to gain traction across all categories of merchants. Under this framework, cardholders can create “tokens” (a unique alternate code) in lieu of card details, which can then be stored by the merchants for processing transactions in future.
To create a token under the CoFT framework, the cardholder has to undergo a one-time registration process for each card at every online or e-commerce merchant’s website or mobile application, by entering the card details and giving consent for creating a token. This consent is validated by way of authentication through an AFA. Thereafter, a token is created which is specific to the card and online or e-commerce merchant and cannot be used for payment at any other merchant.
Discussion about this post