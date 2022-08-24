With a view to enhance the security during online payments made by credit and debit cards and also to improve the payment experience for cardholders, the Reserve Bank of India (RBI) has mandated that that all credit and debit card data used in online, point-of-sale, and in-app transactions will be replaced with unique tokens by September 30, 2022.

Since many entities, including merchants involved in an online card transaction chain, store card data like card number, expiry date and more, the availability of a users' card data with multiple entities increases the risk of data breach, which can misused for fraudulent transactions.

Hence, RBI has stated that 'tokenisation' of cards will be implemented and that other than card issuers and card networks, no other entity can store card data.

What is Tokenisation of credit/debit cards?

Tokenisation simply is the process of substituting card details with an alternate code known as a token, so users don't have to give away their sensitive card details to any payment aggregator, payment merchants or wallets, while making payments with cards online.

As per the RBI, "Tokenisation refers to the replacement of actual card details with an alternate code called the “token”, which shall be unique for a combination of card, token requestor (i.e. the entity which accepts request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token) and device.

The RBI also states that Tokenisation is only applicable on domestic cards and an be done free of charge.

Here's a step by step guide on how to tokenise your cards

The RBI says that there are six simple steps to get you cards tokenised:



Step 1 - Go to any e-commerce /merchant website or an app and start a payment transaction.

Step 2 - During check-out, enter details of your debit/credit card. Alternatively select your preferred bank's debit/credit card saved earlier as payment meathod, and enter other details.

Step 3 - Select the checkbox that says “secure your card” or “save card as per RBI guidelines”.

Step 4 - Enter the OTP that is sent on your registered mobile number or email address by the bank and complete the transaction.

Step 5 - Your token will be generated and saved instead of your card.

Note- When you visit the same website or app again and make a payment, you will not have to enter all details again, as the last four digits of your saved card will be displayed to help you identify your card.

Is tokenising your cards compulsory?

As of August 1, the government has not made the adoption of tokenisation by consumers mandatory. Those who don't want to create a token can carry on with their transaction as usual by manually entering their card information.

According to the RBI's mandate, by September 30, 2022, all stakeholders however are advised to adopt alternative methods, be prepared to handle tokenised transactions, and create public awareness of the tokenisation processes.