News

Card Tokenization: Most Large Merchants Complying With Norms As Deadline Nears

The RBI had directed the merchants to implement its tokenization norms by June 30, 2022. The central bank has twice extended the deadline of its implementation in the past.

Card Tokenization: Most Large Merchants Complying With Norms As Deadline Nears
info_icon

Most of the large merchants have complied with the RBI's card-on-file (CoF) tokenization norms and 19.5 crore tokens have been issued so far, sources said.

The RBI had directed the merchants to implement its tokenization norms by June 30, 2022. The central bank has twice extended the deadline of its implementation in the past.  

Card-on-file or CoF refers to card information stored by payment gateway and merchants to process future transactions.

According to the sources, the system is fairly well prepared as most large merchants have already adjusted.

Some of them are in the process of doing it, while for some foreign entities business may not be that large for them to focus on making these changes, the sources said. 

Advertisement

There are about 19.5 crore tokens that have already been issued so far and it is going up regularly, they added. 

Under tokenization services, a unique alternate code is generated to facilitate transactions through cards.

The RBI last September prohibited merchants from storing customer card details on their servers with effect from January 1, 2022, and mandated the adoption of CoF tokenization as an alternative to card storage.

The basic purpose of tokenization is to increase and improve customer safety. With tokenization, storage of card details is limited.

The RBI in March 2020 stipulated that authorized payment aggregators and the merchants onboarded by them should not store actual card data to minimize vulnerable points in the system. On a request from the industry, it extended the deadline to December 2021 as a one-time measure.

Advertisement

The tokenization of card data, however, shall be done with explicit customer consent requiring an additional factor of authentication (AFA). 

Advertisement

Advertisement

Advertisement

Advertisement