From 1st January, 2022, making online payments using cards will be more secure and safer. The merchants will not be able to store critical card information for processing online payments as per RBI Mandate.

Let us understand the online cards payment journey transformation from 1st January, 2022

What will be the change in the process of online digital payments?

The merchant will not be storing your confidential card details. In place of the card number, they will be storing an alternative code called “Token” which will replace the card number and the process is called tokenisation of cards.

What will be the steps to tokenise the card?

The customer can get their card tokenised by initiating a payment request to save card on the website/app provided by the merchant. The process will be similar to the process of saving cards. The customer has to provide consent one for time for the cards to be tokenised.

Can the token be used again?

Once the token is created, the Tokenised card details will be used for actual card number for future online purchases on the same merchant.

Who are allowed to performed tokenisation and detokenization?

To make the process of online card payments more secure, tokenisation and detokenization can be performed by issuing bank and authorised card holders like VISA/ Mastercard/ American Express/ Rupay.

Do we need to create tokens on individual merchant separately?

Yes, the customer needs to create token(save card with consent) on each merchant individually. This will be a onetime exercise. Once the token is created, the same can be used for future transactions with the customer’s consent.

Why should one opt for tokenisation?

Everyone should opt for tokenisation as a tokenised card will be safer for making transactions as the merchant is not allowed to store card details like card number, cvv, expiry.

Do we need to do tokenisation for both Domestic and International payments?

As on 1st January 2022, tokenisation is only appliable for domestic online payments and there is no provision for international paymen

Do we need to perform tokenisation for both Debit and Credit Cards?

Yes, both Debit card and Credit cards have to be tokenised on different merchants individually.

Do we need to do tokenisation for every mode of payment like POS, ATM and Tap and Pay?

Tokenisation of card is only for online domestic payments (Domestic E-Com payments).

Do we need to pay some one time or recurring charges to avail the service?

The service of tokenisation is completely free of cost for the customer. There is no one time charges or recurring charges for availing this service.

How can we manage the tokenised cards?

The bank will provide a customer support number through which the customer can call and check/delete their tokenised cards from the issuer bank from any merchant.

Where should we reach if there is any issue with the tokenisation process?

The customer should reach out to card issuing bank for bank for any issues regarding tokenisation.

Do we need to mandatorily create tokenisation for our cards?

This is not a mandatory requirement for the customer to create tokenisation for their cards. If the customer chooses not to tokenise their card, the customer needs to enter the card number, expiry and CVV details every time to make their online payments.

How will the card will be displayed on the merchant site after tokenisation?

The saved card in token format will be displayed to the customer with last four digits of the card on the merchant page.

What will happen if the customer reissue / renew / replace / upgrade their card?

The customer needs to create new token for the reissued / renewed / replaced / upgraded card.

Can a card issuer refuse tokenisation of a particular card?

As per the different risk parameters and risk engine enabled by the issuer, the card issuers may decide whether to allow cards issued by them to be registered by a token requestor / merchant.