Until now, the CoF token could be created only through the merchant’s application or webpage at the time of making a payment. 
Special 
Until now, the CoF token could be created only through the merchant’s application or webpage at the time of making a payment. The Reserve Bank of India (RBI) has taken further measures to boost the security of online transactions. Following the introduction of card tokenisation for online safety, the bank has proposed enabling Card-on-File (CoF) token creation directly at the issuer bank level. This move will make it more convenient for cardholders to create and link tokens to their accounts on e-commerce platforms.
But what exactly does this mean for online shoppers and wandering customers? Way back in 2020, the RBI had stipulated that payment aggregators and merchants should not store actual card data, known as Card-on-File (CoF); instead, all stored card data should be tokenised. Simply, tokenisation replaces card details with a unique algorithmically generated code called a ‘token’. This token will help conduct transactions without exposing the card details.
As mentioned above, the RBI has launched new card-on-file tokenisation channels (CoFT), enabling credit/debit card users to generate tokens via their bank’s app or website.
This shift from e-commerce platforms will alleviate data security concerns related to token generation. But how? Adhil Shetty, CEO of BankBazaar.com, said, “Until now, the CoF token could be created only through the merchant’s application or webpage at the time of making a payment. As a next step, it would now be possible for users to create tokens directly at the issuer bank. The expectation is that once this is implemented, you would be able to create and manage your card tokens for the e-commerce sites directly from your bank account, pretty much like setting your credit limits and spending limits over net banking or banking apps. This gives you greater control over managing your card token and allows you to add, modify, and delete tokens remotely, without accessing the website.”
Also read: What investment strategies can help HNIs to mitigate risk and maximise return?
Also read: Buying an under-construction home? Here is how much it costs
Thus, this mechanism significantly increases the security level of online transactions while protecting consumers’ potent financial data from fraud and hacking attempts. Moreover, the initiative will also empower users with greater control over their card tokens.
Amit Kumar, Chief Technology Officer of Easebuzz, said that once this initiative comes into the picture, customers need not share their card details with any third-party merchants, including personal details. This initiative will improve transaction security and eliminate tokenisation duplication on e-commerce websites. The users can change these tokens. “Card-on-file tokenisation feature will instigate faster checkouts with CVV & OTP authentication as an additional layer of security,” said Kumar.
On the other hand, the CoFT move is also highly beneficial for customer convenience. Often, consumers find it perplexing and time-consuming to input their card details for every online purchase. With tokenisation, consumers will no longer have to do that every time, as their card details will be saved securely using the token method.
What is card tokenisation? It is a data security measure that involves substituting a customer’s credit card details with a non-sensitive equivalent, known as a token. It replaces the 16-digit credit or debit card number with a unique token. This unique identifier retains all essential details without risking exposure to the original data. Tokenisation is predominantly used in card transactions to enhance security by preventing hackers from accessing sensitive card details. However, one can choose whether to let one’s card be tokenised.
Copyright©2025 Living Media India Limited. For reprint rights: Syndications Today
