About Card-on-File Tokenization:
- Tokenization refers to the replacement of actual credit and debit card details with an alternate code called the “token”.
- Each token is tied to a combination of card, token requestor and device.
- Card details stored with a merchant are known as card-on-file (CoF).
- This token is a randomly generated string of characters that has no intrinsic value and is meaningless outside of the context of a specific transaction.
- The token is used as a surrogate for the actual card details, making it more secure to store and transmit.
- Requirements for enabling CoFT through card issuers:
  - Generation of CoFT tokens for a card can be enabled through mobile banking and internet banking channels.
  - The token can be generated only with explicit customer consent and additional factor of authentication (AFA) validation.
  - The cardholder may tokenize the card at any time of their convenience, either on receipt of the new card or at a later stage.
  - The cardholder can select the merchants with whom they wish to maintain tokens.
  - The token may be issued by the card network, the issuer, or both.
- Advantage:
  - Tokenization replaces a debit or credit card’s 16-digit number with a unique token that is specific to just your card and is valid for one merchant at a time.
  - The token masks the true details of your card, so in case there is a data leak from the merchant website, the fraudster cannot misuse the card.
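
The properties listed above (a random token, issued only with consent and AFA, bound to one card, token requestor and device) can be seen in a small sketch. This is an added example, not code from any card network or issuer: `TokenVault`, its method names, the merchant and device labels and the in-memory dictionaries are all hypothetical stand-ins for a real token vault.

```python
import secrets


class TokenVault:
    """Constructed toy vault: maps random tokens to card numbers (PANs)."""

    def __init__(self):
        self._by_token = {}    # token -> (pan, requestor, device)
        self._by_binding = {}  # (pan, requestor, device) -> token

    def tokenize(self, pan, requestor, device, consent, afa_ok):
        # A token is generated only with explicit consent and AFA validation.
        if not (consent and afa_ok):
            raise PermissionError("consent and AFA validation are required")
        binding = (pan, requestor, device)
        if binding in self._by_binding:
            return self._by_binding[binding]
        # Random value: nothing about the PAN can be derived from it.
        token = secrets.token_hex(8)
        while token in self._by_token:
            token = secrets.token_hex(8)
        self._by_token[token] = binding
        self._by_binding[binding] = token
        return token

    def detokenize(self, token, requestor, device):
        # The token resolves only for the requestor and device it was issued to.
        entry = self._by_token.get(token)
        if entry is None or entry[1:] != (requestor, device):
            raise LookupError("token not valid in this context")
        return entry[0]

    def revoke(self, token):
        # The cardholder stops maintaining a token with one merchant.
        binding = self._by_token.pop(token, None)
        if binding:
            del self._by_binding[binding]


def demo():
    vault = TokenVault()
    pan = "4111111111111111"  # widely used test number, not a real card
    t_a = vault.tokenize(pan, "merchant-a", "device-1", True, True)
    t_b = vault.tokenize(pan, "merchant-b", "device-1", True, True)
    try:
        # A token leaked from merchant A is presented in merchant B's context.
        vault.detokenize(t_a, "merchant-b", "device-1")
        reused = True
    except LookupError:
        reused = False
    return t_a, t_b, reused, vault.detokenize(t_a, "merchant-a", "device-1")
```

The merchant stores only `t_a`, so a leak of its database exposes a value that does not resolve outside the merchant-a binding.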