Know the new RBI rules on debit and credit card tokenization


The Reserve Bank of India (RBI) will soon implement card tokenization in India. The card tokenization system is expected to start from October 1, 2022. Under this system, all credit and debit card information required during an online transaction will be replaced with independent tokens. The actual card details will be replaced by another code called a “token” during a transaction.

What is card tokenization?

As part of the card tokenization process, the credit/debit card details are replaced with a token. Simply put, card details such as 16-digit number, names, expiration dates and codes are replaced with a token. The token is used by the merchant’s website for the transaction.

Reason for card tokenization

RBI is preparing to set up the bank card tokenization system in order to secure customers’ bank details. Currently, bank card details are recorded by a merchant during a transaction. If the merchant’s website is hacked, customer details will be exposed. Once the tokenization system is in place, the customer information will be with the bank and not with the merchant.

How does the tokenization system work?

  • A customer must visit the merchant’s website and select the preferred card options for payment.
  • Next, the customer must enter all the details. If the website wants the user to store card details for faster payment, the user will get an option “secure your card according to RBI guidelines”. The user must accept the option to generate a token as per RBI guidelines.
  • The user then receives a one-time password (OTP) on his smartphone or by e-mail. The OTP must be entered on the bank page. Then the card details are sent for token generation.
  • The generated token is sent to the merchant. The token is stored by the merchant against the customer’s credentials.
  • Each time the user chooses to make a transaction on a merchant site, a new token is generated.

About Author

Comments are closed.