The Reserve Bank of India (RBI) has upgraded its Card on File tokenisation (COFT) facility from a previously designed-based tokenisation framework to ensure the safety and security of the payment system.
To address this, banking institutions like IDFC FIRST Bank have unveiled a tokenisation method for credit and debit card purchases. By changing the sensitive card information, such as the card number, CVV, and card name, into a collection of randomly generated numbers known as “tokens,” tokenisation adds an extra degree of security for users.
So, customers can now make credit card comparison to choose the one in compliance with the COFT facility. In this article, learn how the COFT got implemented, what it is, how it works, and how it secures data.
Table of Contents
This development was underway after the RBI released its rules for payment aggregators (PA) and payment gateways (PG). Since January 1, 2022, merchants and payment aggregators cannot keep client credit card information in their databases due to RBI regulations.
The only requirements for using the tokenisation service are a one-time consent through OTP and a transaction to tokenise a customer’s free credit card or debit card for the first time.
When a card is tokenised, the original cardholder’s number—printed on the card and frequently used for transactions and card identification—is changed to a substitute term called a “token.” This method enhances your credit card data security by creating tokens from the customer’s details.
Customers can experience a safe and dependable online payment process thanks to the token exchange between the network and the token requestor. The essential card information and all relationship proof of such an exchange are safely stored in a vault that is only open to the card networks.
Domain controls provide for the restriction of payment tokens to a particular Merchant, reducing the risk of unauthorised usage in the event of a data breach.
Payment tokens enable seamless payment experiences for card members and merchant revenue continuity even if a card is replaced. Using COFT, the payment token’s card information can be continuously updated without the card member making any manual updates.
One can use payment tokens to process transactions instead of security or acquirer tokens. The card issuer’s trust in approving transactions and overall consumer experience increases when they use payment tokens to make transactions, especially at a low credit card interest rate.
Here is how a transaction at a tokenisation-based authentication server works when a customer uses their card:
- Learn how to apply credit card, as you need one to make purchases at a point of sale or in an online store.
- The credit card number is transmitted to and interpreted by the tokenisation system.
- The tokenisation method then substitutes a 16-digit random character token for security instead of the original credit card number.
- Then, the tokenisation system transfers the converted 16-digit random token number to the online store and substitutes it for the user’s credit card number in their database.
Customers will find recurring payments convenient and secure thanks to the COFT tokenisation technology, which enables payment providers to save cards using tokens. All major card networks, including Rupay, Visa, and Mastercard, are supported by this feature.