After allowing users to link credit cards with UPI, India’s central bank RBI is now ready to enforce card tokenization in India. Amid all this, many users are wondering what exactly is card tokenization and why apps and websites are suggesting users to secure their credit and debit cards, as per RBI’s new guidelines. So to clear all your doubts, we bring an explainer of what is card tokenization and why you should opt-in. We have also mentioned the need for card tokenization in a country like India, along with its advantages and disadvantages. On that note, let’s learn about RBI’s new guidelines for card tokenization in detail.

In this article, we have discussed and explained everything about RBI’s card tokenization effort and what it entails for consumers in India. You can learn about the pros and cons of card tokenization, the need for card masking, and more. Expand the table below and move to any section you want.

What is Card Tokenization?

Since at least 2019, the RBI has been pushing the payments industry in India to adopt card tokenization in order to protect and enhance the security of online card transactions. But what exactly is card tokenization and how does it work? Well, let me explain with an example.

And if you keep up with the happenings in the finance industry, we have seen many data breaches of late. Popular Indian websites and digital payments apps were hacked and card details were dumped in plain text on the dark web. The MobiKwik and Domino’s India data leaks are still fresh in our memory. So, as you can tell, if you save your private card details on cloud servers of several such online apps and websites, your data becomes prone to data breaches and leaks.

While some websites may have the highest security in place to protect your card details, some of them might not be complying with the global standards of security. For malicious actors, having your card details spread over multiple servers with a varied level of security opens up more avenues for hacking. The RBI now wants to change the digital payments situation and standardize the security of all online card transactions with something called “tokenization”.

Apart from that, the onus to protect your card details will no longer be on merchants — apps, websites, payment processors like RazorPay, or banks. To sum up, card tokenization is a mechanism introduced by the RBI to protect domestic card transactions using random strings of tokens instead of sharing your private card details. As for how it works, move to the next section.

The way card tokenization work is simple. When you choose to tokenize a card, the card network (e.g. Visa, MasterCard, etc.) issues the token with the consent of the bank and shares it with the merchant. For instance, if you save an SBI Visa debit card on Paytm as per RBI’s guidelines, then Visa will generate the token, taking consent from SBI, and will share the token with Paytm. To find all the authorized card networks in India, click on this link.

As mentioned above, the frequent data breaches, leaks, and hacks in the digital era have forced the RBI to come up with card tokenization. Not to mention, apps, websites, payment processors, and all the intermediaries having different standards of security pose a threat to our digital security. Credit and debit card tokenization will eliminate the burden of security on merchants and intermediaries. Moreover, it will standardize the security protocol across all channels. For convenience, users are increasingly saving their card details on websites and apps so card tokenization will really help in securing credit and debit cards on the web.

Card tokenization has many advantages. To begin with, your card details will not be shared with the merchant — be it an app or a website. Apart from that, payment processors and other parties will not be able to access any of your private card details. With a uniquely generated code, your card transactions will be carried out without worrying about card fraud.

Besides that, you will be at ease while saving cards on e-commerce websites knowing that only the token is shared with the merchant. Also, card networks claim that it will reduce false claims as transactions done using card tokenization will suggest high-grade security.

What Changes for Customers?

To make it clear, you don’t need to re-enter card details for each transaction, if you choose to tokenize the card. The whole point of tokenization is to secure saved cards on apps and websites with a global standard of security. With tokenization, the saved cards will be stored with card networks (and not merchants). Only a token will be shared with the merchant to identify and validate the card during a transaction.

The RBI has been working on card tokenization since 2019 and had decided to enforce it from January 1, 2022. However, due to pushback from merchants and payment processors fearing disruption, RBI extended the tokenization norms to June 30, 2022. Then, RBI again extended the full rollout to July 31, 2022, and now to October 2022.

It seems RBI is now entirely ready for enforcing card tokenization after delaying the rollout for many months. Recent reports suggest that come October 1, 2022, it will become mandatory to tokenize your credit and debit cards if you want to save card details on the app or website. If you don’t do so, your card will be deleted from merchants’ servers. Henceforth, you will have to re-enter card details every time you transact online.

What is Card Tokenization in India?

Is it mandatory to tokenize your card?

No, there are no charges associated with tokenizing a card. You can do it as many times as you want.