Skip to content
Related Articles
Open in App
Not now

Related Articles

Tokenization of Card

Improve Article
Save Article
  • Last Updated : 01 Nov, 2022
Improve Article
Save Article

Earlier, RBI decided to enforce the circular “Restriction on Storage of Actual Card Data [Card-on-File]” from January 1, 2022. After consultation with all stakeholders,  it is observed that they are not yet prepared, so it has been decided to extend the timeline for storing CoF data till Sept 2022. This directive is issued under Section 10(2) read with Section 18 of the Payment and Settlement Systems Act 2007. (Act 51 of 2007).

What is Card Tokenization:

Tokenization is a process of replacing real debit & credit card details (16-digit card no, expiry, CVV) which are sensitive in nature with a non-sensitive randomly generated unique code known as a token.

Working of Tokenization :

When a user registers card details, the Token Requestor sends a request to Authorised Card Network (NPCI, VISA, etc) then the actual card is replaced with a  token corresponding to the combination of the card, token requestor, and the device by Card Network.

To process payment, the Payment gateway (PG) passes the token to the Card Network to validate it then Card Network will detokenize it and match it with the card details in its database. If it matches then the Card network allows Payment Gateway to make transactions.

Card details are not stored in the user’s device, not in merchants (Amazon, Flipkart, etc) database, and not with Payment Gateway. Only  Authorised Card Network stores the card details or CoF data.

According to RBI, devices that are allowed to enable tokenization – are mobile, tablet, laptop, desktop computer, wearable (wristwatch, band, etc ), Internet of Things (IoT) devices, etc.

Since, the token is unique for a combination of cards, token requestors & devices. So this token shall play a meaningful role only in that system (token requestor & device) that has generated it.
i.e., the same token can’t do successful transactions on different devices ( device other than which was used to generate it)  

Need for card Tokenization :

Digital transaction in India has soared during the pandemic along with development in technology. The risk of card data is a major concern. Many entities involved in online card transactions like Amazon, Flipkart, etc. store card details such as card number, expiry, and CVV. This practice provides convenience in transactions but storing card details on multiple platforms increases the risk of being misused of the card.

After the implementation of Card tokenization, merchants will not be allowed to save/store your actual card details, this prevents customers from data leaking.

Benefits :

1) Customer safety: A tokenized card transaction is considered safer as the actual card details are not shared with the merchant.

2) Secure: If a fraudster gets hold of the token details by any means, he cannot use the token for payment because he won’t have the same device from which the token has been generated. This is a great advantage of card tokenization.

My Personal Notes arrow_drop_up
Related Articles

Start Your Coding Journey Now!