RBI proposes card-on-file tokenization for enhanced security: What it means
The Reserve Bank of India (RBI) is looking to implement card-on-file tokenization (CoFT) at the issuer-bank level, aiming to boost security and convenience for customers. This change means users can generate card tokens through their bank's website or app, instead of on e-commerce platforms, addressing data security concerns tied to token generation on third-party sites. As a result, customers will have more control over handling their card tokens once the proposal takes effect.
Benefits of CoFT for customers and banks
CoFT brings several benefits to both customers and banks. For customers, it adds an extra layer of protection during card transactions, lowering the risk of data breaches. Plus, it allows users to create and manage their card tokens directly from their bank account, giving them more control over their tokens without needing to access merchant websites. For banks, CoFT poses minimal challenges as most can use existing unified payment frameworks for token creation.
Tokenization: a secure method for transactions
Tokenization is a technique that swaps a debit or credit card's 16-digit number with a unique token specific to the card and merchant. This approach hides the card's actual details, preventing misuse if there's a data leak. Tokens can be utilized for online, mobile point-of-sale, as well as in-app transactions. They don't contain personal information and change constantly, making them a highly secure way to conduct transactions.
Expert opinions on RBI's CoFT proposal
Industry experts have applauded the RBI's CoFT proposal as a game-changer for cardholders and the financial sector. Khilan Haria, SVP and head of payments at Razorpay said that CoFT would eliminate payment friction and manual data entry, while enhancing customer experience and increasing activation and spending for banks. Rajsri Rengan, the India head of development for banking and payments at FIS, also voiced support for the proposal.
Potential issue with card tokenization
Although card tokenization is seen as a highly secure method for transactions, Sumanta Mandal, founder of TechnoFino, warned that payments might still go through even if the wrong CVV is entered. For instance, if a credit card token is saved on Amazon and the incorrect CVV is entered during a transaction, the payment will still be successful upon entering the OTP. Banks should tackle this issue to ensure optimal security for cardholders.
