n efforts to make financial transactions by debit and credit cards more secure, the RBI is ready to bring its card-on-file tokenization (CoF) norms into effect from 1 October, 2022 to fight against online fraud.
The CoF tokenisation norms will help in storing the user’s card details in a form of a token for future transactions and will keep their actual card details secure. The new rule will replace actual card details with an alternative code “token”, which shall be further used for future transactions.
The CoF tokenisation norms will be applied to credit and debit card information. Earlier, the change was to come into effect on 30 June, 2022, however, it was postponed until 30 September, 2022, following which the norms must be followed from 1 October, 2022.
To obtain a token, the cardholder needs to go through a one-time registration process while using their cards at any e-commerce platform. As they enter their card details, it gives consent to create a token which is then validated by way of authentication through an additional factor of authentication (AFA). A token is thereafter created which can be used for future transactions with the CVV number and OTP steps.
With the use of the new rules for card transactions on e-commerce websites, the card details of users remain safe and they are not stored on the platforms, nor are they shared with the merchant during the payment process. It will also not allow the platforms to voluntarily store the sensitive card details of the user in any form.