you the option of saving your card details, such as the 16-digit card number, the card expiry date and the CVV, which, according to the RBI often makes users susceptible to fraud.
“In fact, some merchants force their customers to store card details. Availability of such details with a large number of merchants substantially increases the risk of card data being stolen,” the apex bank said in a statement “In the recent past, there were incidents where card data stored by some merchants have been compromised/leaked. Any leakage of CoF data can have serious repercussions because many jurisdictions do not require an AFA for card transactions. Stolen card data can also be used to perpetrate frauds within India through social engineering techniques.”
Accordingly, the RBI proposed the extension of a device-based tokenisation framework to Card-on-Fite Tokenisation (CoFT) services, and has refused to stretch the deadline for its implementation beyond 1 January 2022. Tokenisation refers to the process of replacing actual card details with a unique alternate code called a “token”, which will be unique for each combination of card, token requestor and device.
“[…] card issuers have been permitted to offer card tokenisation services as token service providers. The tokenisation of card data shall be done with explicit customer consent requiring additional factor of authentication (AFA),” the RBI added.
The Reserve Bank further noted that under the tokenisation arrangement, there will be no requirement to enter card details for every transaction. “The efforts of Reserve Bank to deepen digital payments in India and make such payments safe and efficient shall continue,” the central bank’s noted.
