The RBI directive allows card issuing banks to enable card-on-file tokenization (COFT) directly for users

   In a recent move, the Reserve Bank of India (RBI) has issued a directive allowing card issuing banks to facilitate Card-on-File Tokenization (CoFT) services directly to cardholders.  This announcement follows earlier RBI circulars regarding token services provided by card issuers and networks.

Previously, card tokenization services were completely managed by card issuers and networks, as outlined in various RBI circulars dated January 8, 2019, September 7, 2021 and June 24, 2022, on management and storage of card data.  Let's focus on.

  The new directive, in line with the Statement of Developments and Regulatory Policies dated October 6, 2023, gives cardholders the option to tokenize their cards for multiple merchant sites through an integrated process facilitated directly by card-issuing banks.  The move aims to streamline and simplify the tokenization process, providing additional convenience to cardholders.

  The requirements outlined for this facility, listed in the attachments to the Directive, emphasize the need for additional factors of explicit customer consent and authorization (AFA) verification during the COFT production process.  The generated tokens will be accessible on the merchant's payment page within the cardholder's account.

  The instructions issued under relevant sections of the Payment and Settlement Systems Act, 2007, retain the applicability of earlier RBI circulars while introducing this new avenue for card tokenization.

  This development marks a significant step towards enhancing user convenience and security in managing card transactions across multiple platforms.