Tokenisation FAQs
As per RBI mandate starting 1st January 2022, full card number, CVV and expiry date and any other sensitive information related to cards cannot be stored by merchants for processing online transactions
What is Tokenisation?
Tokenisation refers to replacement of actual or clear card number with an alternate code called the “Token”. This is unique for a combination of card, Token requestor (i.e., the entity which accepts request from the customer for Tokenisation of a card and passes it on to the card network to issue a corresponding Token) and the merchant (Token requestor and merchant may or may not be the same entity).
Where will these Tokens get used?
Once created, the Tokenised card details will be used in place of an actual card number for future online purchases initiated or instructed by the card holder.
What is the benefit of Tokenisation?
How can Tokenisation be done?
The card holder can get the card Tokenised by initiating a request on the App provided by the Token requestor. The Token requestor/merchant will forward the request directly to Bank or Visa/RuPay (card network), with the consent of the card issuer. The party receiving the request will issue a Token corresponding to the combination of the card, the Token requestor, and the device.
Is the Tokenisation guideline applicable for both Credit and Debit Cards?
Is Tokenisation applicable for International Card on File transactions?
How can I manage my Tokenised cards?
Will Tokenisation have any impact on the POS transactions that the card holder does at merchant outlets?
What are the charges that the card holder needs to pay for availing this service?
Who can perform Tokenisation and de-tokenisation?
Are the customer’s card details safe after Tokenisation?
Actual card data, Token and other relevant details are stored in a secure encrypted mode by the card issuing Bank and/or authorized card networks. Token requestor/merchants cannot store full card number or any other card details.
Is Tokenisation of card mandatory for a customer?
No, a customer can choose whether to get his/her card Tokenised. If not Tokenised, starting 1st Jan 2022, the card holder must enter the complete card number, CVV and expiry date every time to complete their online transactions.
How does the process of registration for a Tokenisation request work?
Q14. Can the customer select which card to be used in case he/she has more than one card Tokenised?
Once Tokenised, how will the customer see the card details on the merchant page?
What will happen to the Token once the customer’s card gets replaced or renewed or upgraded?
Will the card Tokenisation need to be done at every merchant?
Can Bank or card network refuse Tokenisation of a particular card?