Earlier, only device-based tokenisation was permitted under the central bank’s regulatory regime for payment aggregators and payment gateways (PA/PGs). The regulator also addressed concerns that the new rules would force customers to manually enter card details every time the user wants to make a transaction.
“Citing the convenience and comfort factor for users while undertaking card transactions online, many entities involved in the card payment transaction chain store actual card details, known as Card-on-File (CoF),” RBI said in a statement Tuesday. “It may be noted that introduction of CoF tokenisation (COFT) while improving customer data security, will offer customers the same degree of convenience as now.”
RBI said that under the existing system, the storage of card data by merchants leaves such files vulnerable to frauds, necessitating the new tokenisation framework first introduced in March 2020.
