RBI Guidelines on Card on File Transactions

Oct 6, 2021

Entering card details every time you shop online can be such a tiresome experience. It often turns out to be a damp squib, dulling the thrill of impulse shopping. In fact, consumers cite this tedious process as one of the primary reasons for cart abandonment.

COFT, the savior

This is where ‘Card on File Transaction’ (COFT) emerges as a savior for both consumers and businesses. This functionality pops up on the customer screen, requesting explicit permission to save card details for subsequent payments.

As the need to re-enter card details is eliminated, COFT enables a seamless and convenient checkout process with fewer cart abandonments. It also boosts the chances of recurring impulse purchases.

So, the next time you shop for your favorite shoe or that gourmet chocolate bar, you need not enter your card information. Instead, you only need to enter the CVV (the three digits in the magnetic strip) to pay for your purchase.

Sounds amazing, doesn’t it?

We’re sure you can’t wait to understand the techno-functionality behind this incredible system.

Here you go!

First things first. We’ll cover what COFT actually is. And then, let’s delve into the latest RBI guideline and the mandate’s impact on the ecosystem players.

What are Card On File Transactions?

Card on File transactions use stored card credentials held by a merchant, payment gateway or aggregator, or digital wallet. The card on file stores the relevant details in encrypted format, except for the CVV number, for use in future transactions. However, explicit consent from customers is necessary to store card details.

The Card on File functionality is a two-stage process.

First Stage

Here the card details are entered for the first time on the website. After authorizing the transaction with two-factor authentication, the cardholder will be presented with an option to save card details for future purchases. If the cardholder opts in, the card details (except CVV) will be saved in an encrypted format.

Second Stage

In this stage, the cardholder will just enter their card CVV number every time they initiate a transaction. There is no need to re-enter card details.

How does RBI’s latest mandate apply to Card on File Transactions?

Reserve Bank of India’s latest mandate has extended the scope of tokenization to COF transactions. The circulars released in January 2019 and August 2021 carried a device-based tokenization framework, and the same has now been extended to COF transactions as well.

This means card issuers can also offer card tokenization services as Token Service Providers (TSPs), but they will require explicit consent from customers, including Additional Factor of Authentication (AFA). They will also have control of tokenization and de-tokenization of the card data.

Furthermore, the scope of tokenization has been extended to consumer devices such as laptops, desktops, wearables, Internet of Things (IoT) devices. The circular was issued to reinforce the safety and security of card transactions whilst not disrupting convenience.

What is the impact of these latest guidelines on the ecosystem players?

Subscription payments will be impacted as the new guideline requires explicit customer consent even five days before the recurring transaction. There is also a high chance that the customer may end up missing payment notifications and might miss or default on the payment. Banks must have completed implementation of this guideline before 30th September 2021.

All merchants, banks, payment aggregators, payment gateways, and NBFCs must make technical and protocol changes to their current recurring payment functionalities and Card on File data. This structural change will involve a significant cost to the players as they must effect a strategic and operational change.

With these new guidelines, the merchants will have to rely on the acquiring banks to address the concerns of customer complaints, chargebacks, and so on. Customers may choose to opt for different payment methods if they fail to experience a seamless shopping experience while initiating card transactions.

Tokenization, the security booster

With the introduction of these guidelines, the only remedy available to enhance security is tokenization. It can be used for one-time and recurring payments, thereby freeing merchants from the hassle of storing sensitive data.

So, how does tokenization work?

Tokenization replaces debit or credit card details with a unique set of characters or tokens that will process transactions without exposing the cardholder’s sensitive account details.

Here is how tokenization happens.

  • A credit/debit card is swiped at POS or on an e-commerce website
  • The card number will then be transferred to the tokenization protocol
  • The system will generate a random alphanumeric string, also known as a “Token”, to mask the original card number
  • The token will be routed to the merchant for further processing

For example, the card number 4781 2345 1235 3391 will be replaced with A2C0 9JUI 8S2F 7GKY when initiating a transaction.
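The steps above can be sketched as a small token vault. This is an added example, not code from the original article or from any TSP: the `TokenVault` class, the merchant identifiers and the per-merchant binding of tokens are assumptions made for illustration, and the card number is the sample one quoted above.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits


def _grouped(raw):
    """Format a 16-character token in groups of four, as in the article."""
    return " ".join(raw[i:i + 4] for i in range(0, len(raw), 4))


class TokenVault:
    """Hypothetical stand-in for a Token Service Provider (TSP)."""

    def __init__(self):
        self._by_token = {}  # raw token -> (card number, merchant id)
        self._by_card = {}   # (card number, merchant id) -> raw token

    def tokenize(self, card_number, merchant_id, consent):
        """Return a random token for this card at this merchant."""
        if not consent:
            raise PermissionError("explicit cardholder consent is required")
        pan = card_number.replace(" ", "")
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("card number must be 13 to 19 digits")
        key = (pan, merchant_id)
        if key in self._by_card:  # same card, same merchant: reuse the token
            return _grouped(self._by_card[key])
        while True:
            # The token is drawn at random, never computed from the card
            # number, so nothing in the token itself can be reversed.
            raw = "".join(secrets.choice(ALPHABET) for _ in range(16))
            # Require a letter so a token cannot be mistaken for a card
            # number, and retry on a collision with an existing token.
            if not raw.isdigit() and raw not in self._by_token:
                break
        self._by_token[raw] = key
        self._by_card[key] = raw
        return _grouped(raw)

    def detokenize(self, token, merchant_id):
        """Map a token back to the card number; only the vault can do this."""
        raw = token.replace(" ", "")
        if raw not in self._by_token:
            raise KeyError("unknown token")
        pan, owner = self._by_token[raw]
        if owner != merchant_id:  # assumed binding of a token to one merchant
            raise PermissionError("token was not issued to this merchant")
        return pan
```

The merchant stores only the value returned by `tokenize`; the card number exists solely inside the vault's lookup table.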

Safe and secure digital transactions are now possible with tokenization!

Conclusion

Tokenization will protect card data from hackers as it is extremely hard to reverse the token to access the original card data.

Now, there is a paramount need to develop and deploy solutions that both satisfy the cardholder and remain compliant with RBI guidelines.
