Home / News / India /  What is debit, credit card tokenisation? What are new rules for online transactions?

Come July 1, merchants, payment aggregators, payment gateways and acquiring banks can no longer store the card details of customers. Businesses and other entities that have stored any such data will have to purge them and apply tokenization. All debit and credit card holders must take a note that the Reserve Bank of India (RBI) has legislated the introduction of tokenisation of card transactions, with a deadline of June 30, 2022.

What is tokenisation of debit, credit cards?

  • Under tokenisation services, a unique alternate code is generated to facilitate transactions through cards. 
  • It is the process of substituting a 16 digit customer card number with a non-sensitive equivalent value, referred to as a token. 
  • This essentially means that a customer's card information will no longer be available on any Merchant, Payment Gateway, or 3rd party that helps in the processing of digital transactions today.
  • With card tokenisation, consumers no longer need to fear saving their card details. 
  • Cardholders will have to give an explicit consent that will be collected for tokenisation.


Ravi Battula, Vice President – Merchant Acquiring Business, Wibmo – A PayU Company said that any major payment system like India should enable safe, quick and affordable digital payments. He added while the payments are getting quicker, faster and affordable safety at scale still remains an opportunity to be beefed up to drive the adoption of digital payments further.

“From a security standpoint if not implemented well. Tokenization ensures standardization for such card on file transactions through higher security standards which is irreversible as compared to existing reversible cryptographic standards," said Ravi Battula.

Post June, there would be some disruptions in the ecosystem as any new change will cause some friction in such massive payment system built over time. "In the long run, tokenization will ensure greater security for any recurring subscription payments initiated by customer or merchant with greater customer controls to see list of merchants where the card is stored and ability to delete, suspend the subscription if needed,"Battula further added.

Why tokenized card transaction is considered to be safer

A tokenized card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing. For transaction tracking and reconciliation purposes, entities can store the last four digits of the card number and the card issuer’s name. The customer’s consent and OTP-based authentication are required for creating a token.

Card tokenisation deadline 

The first RBI deadline to tokenize the card details was June 30, 2021. But at the request of merchants and payment aggregators, as well as card companies and banks, it was extended to December 31, 2021. And the deadline was again extended by six months. The deadline for credit, debit card tokenisation is June 30, 2022.




Sangeeta Ojha

Sangeeta is a Chief Content Producer at Livemint. Writes on personal finance, banking and real estate. She has over 12 years of experience as a journalist with television and digital media
Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
More Less

Recommended For You

Trending Stocks

Get alerts on WhatsApp
Set Preferences My ReadsWatchlistFeedbackRedeem a Gift CardLogout