Mumbai, June 24: Reserve Bank of India India (RBI) on Friday extended the deadline for card-on-file (CoF) tokens by three months to September 30, 2022, in view of various representations received from industry bodies.
Card-on-file, or COF, refers to card information stored by payment gateways and merchants to process future transactions. Tokenization is the process of replacing the original card details with a unique optional code called a ‘token’ – enabling more secure transactions.
RBI has now directed traders to implement its tokenization norms by September 30, 2022. This is the third time that the central bank has extended the deadline for its implementation. The industry stakeholders have highlighted certain issues relating to the implementation of the framework with respect to guest checkout transactions, RBI said in a statement.
Also, many of the transactions processed using the token are still not able to gain traction across all categories of merchants. “These issues are being dealt with in consultation with the stakeholders, and in order to avoid disruption and inconvenience to the cardholders, the Reserve Bank has today announced extension of the said deadline of June 30, 2022 by three more months, viz. Till September 30, 2022,” it said.
As per RBI order to enhance the security of online transactions, the card details saved by the merchants on the merchant website/app were to be deleted by June 30, 2022.
About 195 crore tokens have been created so far, the statement said. “The option of COFT (i.e. creating tokens) is voluntary for cardholders. Those who do not wish to generate tokens can continue to transact as before by entering the card details manually at the time of transacting (usually ‘Guest checkout ‘transaction’),” it noted. The basic objective of tokenization is to enhance and improve customer security. With tokens, the storage of card details is limited.
At present, many entities, including merchants, are involved in an online card transaction chain store card data such as card number, expiration date, etc. (card-on-file), citing the convenience and convenience of the cardholder to conduct transactions in the future. Huh. While this practice provides convenience, the availability of card details with multiple entities increases the risk of card data theft/misuse.
Also read: Uber refutes reports of exit from India market, may sell India business
There are instances where such data stored by merchants etc. has been compromised. Given the fact that many jurisdictions do not mandate an Additional Factor of Authentication (AFA) to authenticate card transactions, stolen data in the hands of fraudsters can result in unauthorized transactions and cause monetary loss to cardholders. could. Even within India, social engineering techniques can be used to commit fraud using such data, the statement said.
In order to generate a token under the COF framework, the cardholder will have to go through a one-time registration process for each card on the website/mobile application of each online/e-commerce merchant by entering the card details and consenting to generate the token. , Consent is confirmed through authentication through the AFA. Thereafter, a token is created, which is unique to the card and the online/e-commerce merchant. The token cannot be used to pay for any other merchant.
RBI said that for future transactions done on the same merchant website/mobile application, the cardholder can identify the last four-digit card during the checkout process. Thus, the cardholder does not need to remember or enter the token for future transactions and the card can be tokenized at any number of online or e-commerce merchants, it noted.
Vishwas Patel, Executive Director, Infibeam Avenues Limited and Chairman of Payments Council of India, said that this three-month extension by the RBI will provide breathing space for all the parties involved in adhering to the tokenization norms and it will certainly be a smooth transition. will help. PCI).
,
read all breaking news , today’s fresh news watch top videos And live TV Here.