Large merchants comply with card tokenisation as deadline nears: Report

Most of the large merchants have complied with the RBI's card-on-file (CoF) tokenisation norms and 19.5 crore tokens have been issued so far, sources said.

The RBI had directed the merchants to implement its tokenisation norms by June 30, 2022. The central bank has twice extended the deadline of its implementation in the past.

Card-on-file or CoF refers to card information stored by payment gateway and merchants to process future transactions.

According to the sources, the system is fairly well prepared as most large merchants have already adjusted.

Some of them are in the process of doing it, while for some foreign entities business may not be that large for them to focus on making these changes, the sources said.

There are about 19.5 crore tokens have already been issued so far and it is going up regularly, they added.

Under tokenisation services, a unique alternate code is generated to facilitate transactions through cards.

The RBI in last September prohibited merchants from storing customer card details on their servers with effect from January 1, 2022, and mandated the adoption of CoF tokenisation as an alternative to card storage.

The basic purpose of tokenisation is to increase and improve customer safety. With tokenisation, storage of card details is limited.

The RBI in March 2020 stipulated that authorised payment aggregators and the merchants onboarded by them should not store actual card data to minimise vulnerable points in the system. On a request from the industry, it extended the deadline to December 2021 as a one-time measure.

The tokenisation of card data, however, shall be done with explicit customer consent requiring an additional factor of authentication (AFA).