All about RBI’s tokenization push, the what-why-how?

You might have observed that whenever you log in for online shopping, travel booking or any other app, you have your card saved on their platform, through which you quickly make your payment. However, you will no longer need to save your card details in any online apps, thanks to RBI's push for tokenization.

What Is Tokenization?

Well, tokenization is the process of replacing the actual card number with a unique code known as a 'Token.' This means that your card details are not revealed to the merchant.

  • Now, if the token is compromised or gets in the hold of any fraudster, it will be of no value to him as these tokens can't reveal the client's data and also, this token isn't saved in the client's device.

  • The good thing for us as customers is that this token is unique for each combination of card, token requestor, and merchant.

Reasons For Tokenization?

  • With the rise of the digital economy, data thefts have also been a growing concern in recent years, leading the RBI to introduce tokenization, which adds an extra layer of security.

Who can use tokenization?

  • Currently, it is only available for payment via mobile devices, like smartphones and tablets.

  • It only applies to domestic transactions and not to international transactions. You can opt for tokenization in some apps on your phone right now.

Process Of Tokenization

For better understanding, let us take an example. Suppose you are shopping from Flipkart, & you have an HDFC bank Visa card.

  • While shopping, you will be required to enter the token no of your card to make payment on the payment page.

  • You can initiate a token request on the website or app provided by the merchant (Flipkart) or token requestor.

  • You will enter your card details once on the website provided.

  • The token requestor or the merchant will forward your request to your card owning bank (HDFC) or to the card network (Visa).

  • Then any one, i.e., bank or card network will issue token matching to the number of cards (proxy number) to the token requestor.

  • Then you will get the token number with which you can make the payment.

  • From next time whenever you shop from Flipkart, you will have to pick your saved token number at checkout time.

Difficulties Due To Tokenization

With the introduction of every new technology, there come some drawbacks. In this case, merchants claim that their backend systems aren't ready to handle these changes. As per the merchants, any interruptions in the payment system might lose customers' trust.

  • According to the experts, online merchants might lose up to 20%-40% of their revenue due to tokenization.

  • A customer will have the option to choose tokenization or not. But if he will not choose, then the customer will have to enter card no, CVV, expiry date every time they make payment on the online app.

Date Of Complying With Merchants

Earlier, merchants and payment aggregators were to comply with the rule of RBI of not storing card details for online transactions w.e.f. Jan 1, 2022.

  • RBI has now revised the deadline, extending it by six months.

  • Any previously saved data relating to cards with the merchants will be removed.

  • The card details will be kept with card issuers (e.g., banks) and card networks (e.g., Rupay, Visa).

  • Starting from July 1, 2022, both Debit and Credit cards must be 'Tokenised.'

  • No charges will be charged from the customer to avail of the tokenization service.

Similar Moves By RBI In The Last Five Years

The RBI has prioritized security measures for digital payments to ensure consumer safety, such as the necessity of Additional Factor of Authentication (AFA).

  • Further, RBI has a mandate to provide online notification alerts for every transaction made.

  • Also, it started a pilot test in August 2020, under which small value transactions were done offline via bank, cards, and wallets.


  1. FIS Global

  2. Get Daily Brief

  3. The Print

  4. RBI

  5. Economic Times

15 views0 comments