Last Updated on Dec 23, 2021 by Ayushi Mishra

The Reserve Bank of India (RBI) has demanded that all enterprises in India erase stored credit and debit card data from their systems by 1 January 2022. As a result, whether you buy on any online platform like Flipkart, Amazon, or Myntra, your 16-digit card number and expiration date will not be kept on the website. Instead, you must make the card payment through a procedure known as ‘tokenization.’

RBI card tokenization guidelines

In September 2021, the RBI published new instructions, allowing enterprises till the end of the year to comply with the requirements and providing them the option to tokenize. The Reserve Bank of India has demanded that all enterprises in India erase stored credit and debit card data from their systems by 1 January 2022.

Card tokenization

Tokenization is a procedure that replaces card details with a unique code or token generated by an algorithm, allowing online purchases to take place without disclosing card details in an effort to increase data security.

However, merchants and bankers are concerned that with only a few days remaining to deploy tokenization, there would be significant disruption across online payment networks in the new year.

What debit and credit cardholders must do starting 1 January 2022?

  • You begin a transaction with a merchant.
  • The merchant commences tokenisation by requesting your permission to tokenize the card.
  • When you grant approval, a tokenisation request is issued to the card network.
  • The card network generates a token that serves as a proxy for the card number and returns it to the merchant.
  • Tokenization must be performed again when making a payment to a new merchant or with a different card.
  • The merchant keeps the token for future transactions.
  • You authorise transactions using card verification value (CVV) and one-time password (OTP).

Why are merchants and bankers so concerned?

According to Reuters, merchants and bankers believe that they were not given enough time to comply with the changes, and opting out of tokenisation would require a consumer to manually punch in their card data each time they made an online transaction, which may turn off some customers.

Ayushi Mishra
Notify of
Inline Feedbacks
View all comments

The blog posts/articles on our platform are purely the author’s personal opinion and do not necessarily represent the views of Anchorage Technologies Private Limited (ATPL) or any of its associates. The content in these posts/articles is for informational and educational purposes only and should not be construed as professional financial advice. Should you need such advice, please consult a professional financial or tax advisor. The content on our platform may include opinions, analysis, or commentary, which are subject to change, without notice, based on market conditions or other factors. Further, the use of any third-party websites or services linked on the website is at the user's discretion and risk. ATPL is not responsible for the content, accuracy, or security of external sites. Investments in the securities market are subject to market risks. Read all the related documents carefully before investing. Registration granted by SEBI, membership of BASL (in case of IAs) and certification from NISM in no way guarantee performance of the intermediary or provide any assurance of returns to investors. The examples and/or securities quoted (if any) are for illustration only and are not recommendatory. Any reliance you place on such information is strictly at your own risk. In no event will ATPL be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.

By accessing this platform and its blog section, you acknowledge and agree to the Terms and Conditions of this website, Privacy Policy and Disclaimer.