Last Updated on Dec 23, 2021 by Ayushi Mishra

The Reserve Bank of India (RBI) has demanded that all enterprises in India erase stored credit and debit card data from their systems by 1 January 2022. As a result, whether you buy on any online platform like Flipkart, Amazon, or Myntra, your 16-digit card number and expiration date will not be kept on the website. Instead, you must make the card payment through a procedure known as ‘tokenization.’

RBI card tokenization guidelines

In September 2021, the RBI published new instructions, allowing enterprises till the end of the year to comply with the requirements and providing them the option to tokenize. The Reserve Bank of India has demanded that all enterprises in India erase stored credit and debit card data from their systems by 1 January 2022.

Card tokenization

Tokenization is a procedure that replaces card details with a unique code or token generated by an algorithm, allowing online purchases to take place without disclosing card details in an effort to increase data security.

However, merchants and bankers are concerned that with only a few days remaining to deploy tokenization, there would be significant disruption across online payment networks in the new year.

What debit and credit cardholders must do starting 1 January 2022?

  • You begin a transaction with a merchant.
  • The merchant commences tokenisation by requesting your permission to tokenize the card.
  • When you grant approval, a tokenisation request is issued to the card network.
  • The card network generates a token that serves as a proxy for the card number and returns it to the merchant.
  • Tokenization must be performed again when making a payment to a new merchant or with a different card.
  • The merchant keeps the token for future transactions.
  • You authorise transactions using card verification value (CVV) and one-time password (OTP).

Why are merchants and bankers so concerned?

According to Reuters, merchants and bankers believe that they were not given enough time to comply with the changes, and opting out of tokenisation would require a consumer to manually punch in their card data each time they made an online transaction, which may turn off some customers.

Ayushi Mishra