Disclaimer: The views expressed in this article are those of the author and do not necessarily reflect the views of the Economic Times – ET Edge Insights, its management, or its members


For all purchases done online, in stores, or with mobile apps, the Reserve Bank of India (RBI) has mandated tokenisation. It is a procedure in which the 16-digit card number is replaced with a randomly generated token that acts as a reference to the card. As of October 1, 2022, payment aggregators, merchants, and wallets can no longer save or store customers’ card numbers, three-digit CVV, expiration dates, and other sensitive card data. Any such information that was previously stored will have to be deleted.

The first RBI deadline to tokenise card details was June 30, 2021, which was extended three times and ultimately moved to September 30, 2021, mostly at the request of merchants, payment aggregators, card firms, and banks.

What is tokenisation of cards?

Card tokenisation is the process of protecting sensitive data of your credit and debit cards by replacing it with secure alternate code called a token. The randomly generated token, according to RBI, will be unique for a combination of card, token requestor (the company that takes a customer’s request for tokenisation of a card and forwards it to the card network), and device (referred to hereafter as “identified device”).

How beneficial is tokenisation

Tokenising cards eliminates the need to scan them at checkout, which will reduce transaction time and improve efficiency. Users can save a digital replica of their card on their smartphone. So, you don’t need to carry a physical card.

 Is tokenisation safe?

The purpose of tokenisation is to make online payment processing safer for customers by providing an additional layer of security for users while making digital payments. RBI says that a tokenised card transaction is secure because the customer’s actual account information is never stored in the merchant’s payment environment, just the token. This information is useless even if it were to get into the wrong hands.

With tokenisation, banks, merchants, and third-party payment providers like digital wallet operators can all accept and process mobile and online payments without sharing sensitive account information. Currently, tokenisation is permitted by RBI for all mobile phone and tablets.

How to tokenise your card: A step-by-step guide

RBI has outlined the tokenisation process in six simple steps in a tweet on @RBI

  • Go to an e-commerce website or online application to purchase products and start the transaction
  • During checkout, enter the details of your debit or credit card that you previously saved as a payment method or choose your preferred payment card options for the transaction as well as any other information.
  • Choose “secure your card as per RBI guidelines” or ‘tokenise your card as per RBI guidelines”
  • Complete the transaction by entering the OTP sent to your mobile phone or email by your bank.
  • A token will be created, and the tokenised card details will be stored in place of the actual card number
  • The saved card’s last four numbers will be displayed the next time you visit the same e-commerce platform or merchant’s website. This signifies that the credit or debit card has been tokenised.

Concluding Thoughts

The next generation of contactless payments could be enabled via tokenised cards. Tokens do not contain the primary account number of the consumer, lowering the danger of storing tokens on mobile devices, online merchants, and in cloud-based mobile apps. This makes it harder for hackers to access sensitive information stored on credit cards.

If you do not choose tokenisation, your card information will not be kept. Therefore, you will be required to manually enter your entire card number every time you use it to buy something on that website. Experts recommend tokenising your credit cards and debit cards because it adds an extra layer of security and protects your card information online.

Disclaimer: The views expressed in this article are those of the author and do not necessarily reflect the views of the Economic Times – ET Edge Insights, its management, or its members