RBI has decided to enable CoFT directly through card issuing banks / institutions. This will provide cardholders with an additional choice to tokenize their cards for multiple merchant sites through a single process, subject to following requirements:
- Generation of CoF Tokens for a card, through the card issuer, can be enabled through mobile banking and internet banking channels.
- CoFT generation shall be done only on explicit customer consent, and with AFA validation. If the cardholder selects multiple merchants for which to tokenise his/her card, AFA validation may be combined for all these merchants.
- The tokens thus generated shall be made available on the merchant’s payment page, in the cardholder’s account with the merchant.
- The cardholder may tokenise the card at any time of his convenience, either on receipt of the new card or later.
- The card issuer shall provide a complete list of merchants for whom it can provide tokenisation services. The cardholders shall select the merchants with whom he/she wishes to maintain tokens.
- The card token so issued may be either by the card network or the issuer or both.
