Tokenisation FAQs

As per RBI mandate starting 1st January 2022, full card number, CVV and expiry date and any other sensitive information related to cards cannot be stored by merchants for processing online transactions

What is Tokenisation?

Tokenisation refers to replacement of actual or clear card number with an alternate code called the “Token”. This is unique for a combination of card, Token requestor (i.e., the entity which accepts request from the customer for Tokenisation of a card and passes it on to the card network to issue a corresponding Token) and the merchant (Token requestor and merchant may or may not be the same entity).

Where will these Tokens get used?

 Once created, the Tokenised card details will be used in place of an actual card number for future online purchases initiated or instructed by the card holder.

What is the benefit of Tokenisation?

A Tokenised card transaction is considered safer since the actual card details are not shared/stored with the merchants to perform the transaction.

How can Tokenisation be done?

The card holder can get the card Tokenised by initiating a request on the App provided by the Token requestor. The Token requestor/merchant will forward the request directly to Bank or Visa/RuPay (card network), with the consent of the card issuer. The party receiving the request will issue a Token corresponding to the combination of the card, the Token requestor, and the device.

 Is the Tokenisation guideline applicable for both Credit and Debit Cards?

Yes, starting 1st Jan 2022, it is mandatory for both Debit and Credit Cards to be Tokenised.

Is Tokenisation applicable for International Card on File transactions?

No, Tokenisation is applicable only for Domestic transactions.

How can I manage my Tokenised cards?

Card holders can visit their nearest branch or call our customer care number to get information of Token or to place deletion request of Token for respective cards.
Customer Care number for- Credit Card: 1800 1200 1500
                                                   Debit Card: 1800 1200 1200

Will Tokenisation have any impact on the POS transactions that the card holder does at merchant outlets?

No, Tokenisation is only required for carrying out the online transactions.

What are the charges that the card holder needs to pay for availing this service?

The customer does not need to pay any charges for availing the service of Tokenisation of the card.

Who can perform Tokenisation and de-tokenisation?

Tokenisation and de-tokenisation can be performed only by the card issuing Bank or Visa, who are referred to as authorized card networks.

Are the customer’s card details safe after Tokenisation?

Actual card data, Token and other relevant details are stored in a secure encrypted mode by the card issuing Bank and/or authorized card networks. Token requestor/merchants cannot store full card number or any other card details.

Is Tokenisation of card mandatory for a customer?

No, a customer can choose whether to get his/her card Tokenised. If not Tokenised, starting 1st Jan 2022, the card holder must enter the complete card number, CVV and expiry date every time to complete their online transactions.

How does the process of registration for a Tokenisation request work?

The registration for a Tokenisation request is done only with explicit customer consent through Additional Factor of Authentication (AFA).

Q14. Can the customer select which card to be used in case he/she has more than one card Tokenised?

For performing any transaction, the customer will be free to use any of the cards registered with the Token requestor/merchant.

Once Tokenised, how will the customer see the card details on the merchant page?

The customer will see the last 4 digits of the card on the merchant page.

What will happen to the Token once the customer’s card gets replaced or renewed or upgraded?

The customer will need to visit the merchant page again and create a fresh Token.

Will the card Tokenisation need to be done at every merchant?

Yes, a Token must be unique to the card at a specific merchant. If the customer intends to have a card on file at different merchants, then Tokens must be created at all the merchants.

Can Bank or card network refuse Tokenisation of a particular card?

Based on risk perception, etc., card issuing Bank or card network may decide whether to allow cards issued by them to be registered by a Token requestor/merchant.
 

Try saying something

Search by filters