date-line 20/10/2023

The Reserve Bank of India (RBI) stated in a circular dated 7th September 2021 that it would start initiating card-on-file tokenisation for e-commerce businesses, which have been booming of late. A number of businesses have been shifting their operations online, adapting to the digital payment ecosystem. These guidelines prohibit payment gateways, payment aggregators, and acquiring banks from storing critical customer card information on their servers. These rules have been laid out w.e.f. 1st January 2022.

The circular further states that only card networks like Visa, MasterCard, RuPay, and a few others, along with the issuing banks, are allowed to store the card details during tokenisation. The basic aim behind token authentication was to tackle online fraud and to protect customers’ valuable information from data breaches and theft. While the new RBI guidelines prohibit entities from saving card information, they offer an alternative called ‘Card-on-File Tokenisation.’

Card-On-File Tokenisation – What Exactly Is It?

‘Card-on-File Tokenisation’ is the process in which the cardholder’s original card number, the one printed on the card and used for transactions, is replaced by a substitute value called a ‘token’. This enhances protection because the customer’s card number is converted into a token, hiding the actual number.

The exchange of tokens takes place between the token requestor and the network, which gives customers a secure and reliable payment experience. The data that is exchanged is stored securely in a vault and is accessible only by the card networks. This provides a robust layer of protection which prevents hackers from committing any kind of card-related online fraud.

Card-on-File Tokenisation – The Process

When customers use their cards to make any transaction via a tokenisation-based authentication server, this is the process that takes place:

  • Customer uses the debit/credit card to transact via an e-commerce website/POS
  • The system interprets the card number
  • The tokenisation system replaces the original card number with a 16-digit random token
  • The generated token is then sent to the e-commerce platform

This enables maximum security as the actual card number stays hidden and the transaction also takes place seamlessly.
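As an added illustration (not part of the original article and not any card network's code), the Python example below models the steps above with an in-memory stand-in for the network vault. The class and function names, the Luhn check, and the binding of each token to a requestor ID are assumptions made for the example; the card number is the standard test value, not a real card.

```python
import secrets

TEST_PAN = "4111111111111111"   # constructed input: standard test card number

def luhn_ok(number: str) -> bool:
    """Luhn checksum used to reject mistyped card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """In-memory stand-in for the card network's vault (assumed design)."""

    def __init__(self):
        self._by_token = {}     # token -> (card number, requestor id)
        self._by_pair = {}      # (card number, requestor id) -> token

    def tokenise(self, pan: str, requestor_id: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("invalid card number")
        key = (pan, requestor_id)
        if key in self._by_pair:            # same card + requestor: reuse token
            return self._by_pair[key]
        while True:                         # 16 random digits from the OS CSPRNG
            token = "".join(secrets.choice("0123456789") for _ in range(16))
            if token != pan and token not in self._by_token:
                break
        self._by_token[token] = key
        self._by_pair[key] = token
        return token

    def detokenise(self, token: str, requestor_id: str) -> str:
        """Only the vault can map a token back, and only for its requestor."""
        pan, owner = self._by_token.get(token, (None, None))
        if pan is None or owner != requestor_id:
            raise PermissionError("unknown token or wrong requestor")
        return pan

if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenise(TEST_PAN, "merchant-a")
    print("merchant stores:", token)        # the platform never keeps TEST_PAN
    print("vault resolves:", vault.detokenise(token, "merchant-a"))
```

Because the token is random rather than derived from the card number, a copy of the merchant's database gives no way to recover the card number without access to the vault.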

How is Card-on-File Tokenization Significant for Banks?

  • Security: There are constant threats lurking around the banking industry like data thefts and security breaches. Card-on-file tokenization eradicates the risk completely as sensitive cardholder data is not passed on during transactions. The attempt to pilfer card information falls flat owing to this robust security method.
  • Regulatory Compliance: Tokenization diminishes the chances of data exposure, thereby helping banks to follow data protection standards like the Payment Card Industry Data Security Standard (PCI DSS).
  • Customer Trust: Digital payments have increased the need to keep the data secured by banks. Tokenization safeguards customer data which automatically strengthens trust from customers.
  • Streamlined Process: The use of tokens eliminates the need for customers to repeatedly enter their card details. This simplifies customer experience, and at the same time streamlines transaction processing.

Best Practices to Follow by Banks for Card-on-File Tokenization

  • Multi Factor Authentication: Banks should ensure that MFA is implemented when customers access their tokenized data. This adds an additional layer of security before sensitive information is accessed.
  • Monitor & Update Security: The tokenization system should be regularly monitored for vulnerabilities, and updates should be applied to fortify the system against threats from time to time.
  • Zero Charges: Banks should ensure that they do not levy any additional charges on customers for availing of this service.

In conclusion, card-on-file tokenization has emerged as a vital safeguard in the modern banking landscape. By adhering to best practices and the guidelines laid down by the RBI, banks can power their tokenization process and enhance the security of customer data in a significant manner.
