On January 08, 2019, RBI permitted card networks for tokenisation of card in card transactions, to improve the safety and security of card transactions. This will provide cardholders with an additional choice to tokenise their cards for multiple merchant sites through a single process. Recently, on December 20, 2023, RBI issued notification on requirements for card issuing banks/institutions for providing card tokenisation facilities, they are as follows:
- Generation of CoFT for a card, through the card issuer, can be enabled through mobile banking and internet banking channels.
- CoFT generation shall be done only on explicit customer consent, and with AFA validation. If the cardholder selects multiple merchants for which to tokenise his/her card, AFA validation may be combined for all these merchants.
- The tokens thus generated shall be made available on the merchant’s payment page, in the cardholder’s account with the merchant.
- The cardholder may tokenise the card at any time of his convenience, either on receipt of the new card or later.
- The card issuer shall provide a complete list of merchants for whom it can provide tokenisation services. The cardholders shall select the merchants with whom he/she wishes to maintain tokens. (Alternatively – “The cardholder can make his selection from the list”).
- The card token so issued may be either by the card network or the issuer or both.
- All other provisions of RBI circulars dated January 08, 2019, August 25, 2021, September 7, 2021, and July 28, 2022 shall remain applicable.
