Steps to tokenize and everything you need to know

By Anshul STI (Update)


What are RBI’s new tokenization standards and what does it mean for debit and credit card customers? Keep reading to find out

The rules for online payments for debit and credit cards will change from October 1 in line with the Reserve Bank of India (RBI) vision to make electronic payment options safe, secure, convenient, fast and affordable . The central bank has mandated the banks to create tokens for the card details.

The mandate mandates the masking of sensitive identifying information such as 16-digit card numbers, names, expiration dates and codes with a unique alternate card number “token” and the process is known as tokenization name.

Here’s everything you need to know about the new rule:

What types of cards will be affected?

What’s going on right now?

When customers purchase from an e-commerce site for the first time, they are asked to provide the 16-digit debit card number and then the CVV code. However, when they buy another item on the same platform, they can see that the site has already registered the 16 digit card number and they just have to enter the CVV, then the OTP is generated by the bank to make the purchase.

What will change now?

Platforms will not be able to store a buyer’s card credentials in any form.

With the new RBI order, a buyer will have to enter all their card details when they buy something. After receiving consent, merchants can retrieve the card token from the respective card scheme or issuing bank, and store the details for future use by the customer.

“For the end customer, this process is completely transparent and similar to their previous experiences. Behind the scenes, merchants now need to adopt higher security standards to store the card in tokenized form,” said Ravi Battula, VP – Merchant Acquiring Business, Wibmo in a conversation with

What is the benefit of tokenization?

According to Prashant A Bhosle, founder of Kuhoo Fintech, the new initiative will protect sensitive data while maintaining its business utility.

“With tokenization, customer details will be secure. Therefore, the regulator’s intention is to address the issue by mandating card tokenization. Responsibility for card security now rests with banks and processors, not to merchants, which is now one of the main benefits for the industry, merchants and especially customers,” he said.

Generated tokens are irreversible and unique, making it impossible to reverse engineer the payment process to obtain card details. They also minimize chargebacks, disputes and fraud, thereby building consumer confidence in card payments, helping the industry increase consumer adoption.

“Although customers may encounter disruption and friction in the early stages, but in the long term, it is indeed a good measure to make payments safe and secure in a scalable way,” Battula said.

What are the steps to tokenize the cards?

Now, while consumers are entering all card details on the merchant’s website, they will be given an option to “secure your card as per RBI guidelines”. The consumer must opt ​​in to this option to generate a token.

During this time, the customer will receive an OTP on the mobile device or by email from the card issuer. The OTP is entered on the bank page and the card details are sent for transaction authorization and token generation. The token is sent back to the merchant, who then stores it along with the consumer’s data, i.e. their mobile phone number or email address.

This entire process requires consumer consent, making it an essential service for every consumer to protect their data that could be exposed if not tokenized, said Amit Kumar – Chief Technology Officer and Executive Director from Easebuzz.

Comments are closed.