1. What is a token? And how safe is it?
With respect to online merchants, a token is a 16-digit number unique for a combination of card, token requestor and merchant. Through tokenization your actual card details are replaced with token credentials which can be used only with the intended merchant. Also, each token requestor (Website/App/Merchants) is certified for safety & security as per international best practices / globally accepted standards.
2. Is this applicable on all cards?
Yes. The regulation is applicable to all Debit & Credit cards.
3. How will the transactions be processed without card number?
Once the card is tokenised and the token details are stored at a merchant, these token details will be used to initiate online payments instead of actual card number to process transactions. You will be able to identify your card number with the last 4 digits and bank name and complete online card payments as you do currently with an OTP.
4. What are the charges that the customer needs to pay for availing this service?
The customer need not pay any charges for availing this service.
5. Do I have an option to tokenize the card directly with the Bank?
No, you will have to raise token requests through the merchant portal or app.
6. Do I have to tokenize my card on all merchants?
Yes, you will have to generate unique token for every merchant of your choice
7. What if I don’t want to tokenize my card?
If you do not want to tokenize your card/s, you can continue making purchases by entering the full card details for all your transactions. As per the guidelines, card details will not be saved by the merchant.
8. Do I need to Tokenize my card for offline purchases?
Tokenization is not required for transactions done with a physical card at offline stores.
9. How will I identify which card corresponds to which token?
The last 4 digits of your card will be shown on merchant app / website along with the bank name. Cardholder can identify the card basis the same.
10. What happens if I replace or renew my card?
If your existing card is replaced or renewed, the tokens created on the existing card will expire. You will have to visit the merchant page and create a fresh token by following the instructions available on the merchants’ page. This is to ensure that tokens are not stored with merchants beyond the expiry date of the card.
11. Is there a limit on the number of transactions I can do from a tokenised card?
No, there is no limit to the number of transactions that can be done from a tokenised card.
12. Do I have to tokenise both my primary and add-on cards?
Tokenisation is applicable per card per merchant. Hence, if you wish to tokenise your add-on cards, you will need to generate tokens for them on the merchant website/app.
13. How will COFT affect recurring mandates registered using cards?
Customers may note that in case of recurring mandates already registered using cards, the tokenisation of the stored card will be done in line with extant instructions on card tokenisation; and that e-mandate will continue to be processed as before.
14. What would happen to customer’s actual card data stored with the online stores after the guideline is implemented?
After 1st October 2022, the actual card data would be deleted from the database of the merchants & the payment aggregators.
15. Is Tokenisation applicable for International Card on File transactions?
No. Tokenisation is applicable only for Domestic transactions.
16. What is the difference between suspending & deleting a token?
With both, suspend or delete, a cardholder will not be able to perform any purchase transaction. However, when the token is suspended, it can be moved back to active status to reinitiate purchases, while deleting a token is of permanent nature and the cardholder would need to tokenise again to save payment credentials with the respective merchant.