RBI expands 'tokenisation' facility to CoFT services after device-based framework

In a move aimed to allow seamless recurring payments, Reserve Bank of India (RBI) has expanded the tokenisation facility from earlier device-based tokenisation framework to card-on-file tokenisation (CoFT) services as well, with the explicit consent of the customer.

It may be pointed out that the RBI has set a December-2021 deadline to prohibit payments aggregators, merchants and service providers like Amazon and Netflix from storing customer card details in their servers. Currently, checkout is faster as customers are not required to refill their card details for monthly subscriptions. But it won't be like that any longer.

The objective of the RBI's diktat is to create a better security framework for digital transactions. In the past, there have been instances of unauthorised use of customer data, theft, and misuse.

Tokenisation is a solution for the payments industry. Tokenisation means replacing the actual card details with codes known as "token". The token is much safer as the actual card details are not shared with the merchant during transaction processing.

Also read: RBI's 'tokenisation' move to fight rising cyber crimes in India

"Stakeholders involved in a tokenised transactions are the merchant, the merchant's acquirer, card payment network, token requestor, issuer, and customer and hence, all parties need to be ready to provide this service. The extension of the scope of tokenisation to all consumer devices like wearables (wristwatches, bands, etc.), Internet of Things (IoT) devices in addition to mobile phones, laptops, tablets by the RBI is a welcome to move," says Ramesh Narasimhan, Head- Digital Commerce, Worldline India.

RBI had earlier allowed device-based tokenisation. Under this model, payment network providers like Visa, Mastercard, or American Express carry out tokenisation and the token is saved on the payment device like mobile, wrist bands, PC, etc.

Also read: RBI extends scope of tokenisation to laptops, desktops, wearables

RBI has now permitted 'card-on-file tokenisation.' Under this model, tokenisation will be done by multiple entities like merchant outlets, payment aggregators, payment gateway providers, as well networks like Visa and Mastercard. This will help in storing payment information for recurring use like paying subscriptions.

In order to simplify recurring payments, Worldline has introduced an innovative 'Subscription Payments Platform' focused on comprehensive subscription life-cycle management and payment processing services. "This platform will comply with the framework mandated by the RBI guidelines and ensure minimal impact to service providers for collecting recurring payments," says Narasimhan. The other payments players are also working on new security features to comply with the RBI guidelines.

Also read: RBI's new move to make card payments safer: All you need to know about tokenisation