What is Card on File Tokenisation & How COFT Works? - Kotak Bank
  • Personal
  • Business
  • Corporate
  • Private Banking
  • Privy League
  • NRI Services
  • Investors
  • Personal
  • Business
  • Corporate
  • Private Banking
  • Privy League
  • NRI Services
  • Investors
Apply Now
27 JANUARY, 2022

Reserve Bank of India (RBI), in its circular dated 7th September 2021, stated that it would allow card-on-file tokenisation for e-commerce companies in the wake of booming online businesses. Since an increasing number of businesses are treading the digital path and embracing the digital payment ecosystem, the new RBI guidelines prohibit businesses, payment aggregators, payment gateways and acquiring banks from saving customer card details on their servers from January 1, 2022.

The circular further explains that only issuing banks and card networks (Visa, Mastercard, Rupay, and more) are allowed to store the card information during payment tokenisation. The broader objective behind token authentication was to minimise the occurrences of online fraud by protecting the customers’ valuable financial information from volatile data breaches and theft cases. While the new RBI guidelines prohibit anyone apart from banks and card networks to save card information, the apex body also offered a workaround called ‘Card-on-File Tokenisation.’


What is Card-on-File Tokenisation?

Tokenisation is a process where the cardholder’s original card number, one which is written on the card and is extensively used for transactions and card identification, is replaced with a surrogate term called ‘token.’

This process allows enhanced card protection by converting the customers’ card numbers into tokens. The exchange of tokens happens between the token requestor and the network, which empowers customers to receive a secure and reliable online payment experience. All relationship evidence of such exchange between token and crucial card information is securely saved in a vault that is only accessible to the card networks. Resultantly, the customers’ card details will be highly protected from online frauds and hackers.


How Does Card-on-File Tokenisation Work?

When a customer makes a transaction by using their card at a tokenisation-based-authentication server, here is the flow of the process:

  • A credit/debit card is used for transactions at a POS device or an e-commerce website
  • The tokenisation system receives and interprets the credit card number
  • The tokenisation system goes on to replace the original credit card number with a 16-digit random character token for security
  • The tokenisation system then provides the converted 16-digit random token number to the e-commerce marketplace and replaces the user’s credit card number with the same in their system


For instance, card number (example): 4018 2255 6984 7854 will be replaced with token number: 4325 5214 8574 6658. Tokenisation system is an important tool for separating crucial data in ecosystems and databases while also offering enhanced card protection to the cardholders.

Read Also: Explore discounts & Promo Codes on Yatra with a Credit card


Common FAQs Around Card-on-File Tokenisation

  • What is the benefit of tokenisation?

A transaction with tokenised card detail is much safer than a conventional one. Needless to say, when the actual card details aren’t shared with the merchant during transactions, it is unlikely to be captured by hackers and online scamsters, making it a super safe experience for card issuers, merchants, and cardholders.


  • Does debit and credit cards come under the guidelines of tokenisation?

Yes, from 1st January 2021 onwards, debit and credit cards both have to undergo tokenisation for any online transaction or purchase.


  • Are there any charges a customer has o to pay for availing tokenisation service?

There are no charges associated with availing of tokenisation service for customers.


  • Are customer card details really safe after tokenisation?

Only authorised card networks are allowed to store the actual card data, tokens and other relevant details. Card networks are also mandated to certify the token requestor for safety and security that conform to international best practices / globally accepted standards.


  • Will tokenisation affect POS transactions that a cardholder does at merchant outlets?

The answer is NO! the tokenisation is only valid and relevant in cases of online transactions.


  • After tokenisation, how will the customer see their card details on the merchant’s page?

After the actual card details have been tokenised, the cardholder can see the last four digits of their card number to validate the transaction. The rest of the initial 12 numbers are hidden and tokenised for increased safety.


  • Is getting tokenisation necessary for all cardholders?

No, it’s entirely on the customer’s choice to get their card tokenised. However, all cardholders must enable this when transacting online for enhanced safety of their cards and reducing incidences of a data breach.


  • Is the tokenisation also applicable on the international Card on file transactions?

No, so far, the tokenisation only covers domestic transactions happening within India.


  • What is the limit on the number of cards to get tokenised? Can a customer get all their cards tokenised if they have more than one?

A customer can request for any number of cards to get tokenised; there’s no limit on the maximum number of cards. While making a transaction, a customer can use any of the tokenised card details taken from the token requestor app. For every combination of card and merchant, a unique token is generated each time. A customer is free to use any of the existing cards or a new credit card registered with the token requestor app.

Read Also : क्रेडिट कार्ड क्या है ?


The above RBI guidelines on card-on-file tokenisation have come at just the right time when India’s digital payment landscape is expanding, and Indian consumers are increasingly turning to digital payment methods every day for regular and discretionary needs.

Latest Comments

Leave a Comment

200 Characters

Read Next

Flipkart No Cost EMI On Credit Cards: Guide To Avail The Deal


Benefits of Using Credit Card


Unlocking Savings: Exploring Discounts & Promo Codes with Yatra on Flights Bookings

Load More

Disclaimer: This Article is for information purposes only. The views expressed in this Article do not necessarily constitute the views of Kotak Mahindra Bank Ltd. (“Bank”) or its employees. The Bank makes no warranty of any kind with respect to the completeness or accuracy of the material and articles contained in this Article. The information contained in this Article is sourced from empaneled external experts for the benefit of the customers and it does not constitute legal advice from the Bank. The Bank, its directors, employees and the contributors shall not be responsible or liable for any damage or loss resulting from or arising due to reliance on or use of any information contained herein. Tax laws are subject to amendment from time to time. The above information is for general understanding and reference. This is not legal advice or tax advice, and users are advised to consult their tax advisors before making any decision or taking any action.