In order to ensure the safety and security of the payment system, the Reserve Bank of India (RBI) has expanded the tokenization facility from an earlier version/framework to Card on File Tokenization (COFT).
Virtual payments Fintech Paytm has now introduced a tokenization solution for online credit and debit card transfers. Tokenization offers an added layer of security by “converting the sensitive card information such as card number, CVV and card name to a set of randomly generated numbers known as ‘token’,” the Indian Fintech firm explained.
As mentioned in a blog post by Paytm, this development has been initiated after the RBI, the nation’s central bank, had issued the guidelines for Payment Aggregator (PA) and Payment Gateways (PG).
As per the RBI guidelines, beginning 1st January 2022, the payment aggregators and merchants will “not be allowed to store the card credentials of the customers in their database.”
To avail of the tokenization facility, all that a customer needs to do is “provide a one-time consent via OTP and undertake a transaction to tokenize their credit/debit card for the first time,” the update explained.
Paytm Payments Bank tokenization solution is “going to make recurring payments convenient and safe for customers by allowing the payment providers to save cards using tokens.”
The Fintech firm also noted that this facility supports “all major card networks like Rupay, Visa and Mastercard.” Paytm claims 120+ million users with “at least one saved card on Paytm.”
With effect from 1st January 2022, “no entity in the payment chain/card transaction other than the card issuers and/or card networks shall store the actual card data,” the update from Paytm confirmed.
Any such data stored previously “shall be removed for reconciliation purposes and/or transaction tracking the entities can store limited data (last 4 digits of the actual card number and card issuer’s name in agreement with the applicable standards).”
With the help of COFT, the merchant partners can “create, process, modify and delete tokens for online card payments with the consent of the customers.”
Moreover, this will “not only save the time and effort of the merchant partners by omitting the need to integrate with multiple card networks, but it will also ensure full compliance with the RBI guidelines,” the update noted.
The Card on File Tokenization (COFT) is introduced with “an objective to improve customer data security and offer them the same degree of convenience as now.”
With a tokenization facility, there will be “no requirement to input card details for every transaction,” the announcement added while pointing out that with COFT, RBI aims to “deepen digital payments in India and make such payments safe and efficient for users.”