Tokenize your debit card, credit card for safe online transactions from Oct 1

If online is your preferred mode of payment, you can use a virtual code instead of exposing your actual card details to shield against data thefts and financial frauds from Saturday, as RBI norms on card tokenization come into force.

Card-on-file Tokenization (CoFT) is a process through which the actual details such as the 16-digit number, expiry date on a credit or debit card are replaced by a virtual code which is unique for that card, merchant point where it is to be used and the token requestor (or the card user).

As per RBI guidelines, payment aggregators, wallets and online merchants (entities in card transaction/payment chain other than card issuers/card networks) cannot store any sensitive card-related customer information including full card details from October 1, 2022.

The guidelines were to actually come to effect from July 1 this year. However, RBI allowed another three months for the norms to kick in as all the players involved were not ready for the new system by then.

For cardholders' interest, it is important to note that tokenisation is meant for online/e-commerce transactions only as this is where their data usually gets stored. For face-to-face or point of sale (PoS) transactions, tokenization is not applicable as it involves no storage of data.

Though it is not mandatory for cardholders to tokenize their cards, it is considered a safer mode of transaction as actual card details are not shared/stored with the merchants.

SBI Card, India's only pure-play credit card issuer promoted by the country's largest lender has already integrated the required changes.

"We are ready to launch this as per the given RBI deadline," Rama Mohan Rao Amara, MD & CEO, SBI Card said.

He said Card-on-File Tokenization (CoFT) is a positive and progressive move by the regulator to enhance security for the customers. The majority of the ecosystem partners, including merchants, are prepared to meet the deadline.

"Such changes might have minor issues initially but once past those, the overall impact on the customer safety and overall user experience is better. The success rate of tokenized transactions is higher and is expected to improve. As a compliant and customer first organization, we have already integrated the required changes," Amara said.

Ahead of the tokenisation norm to come into force from Saturday, RBI Deputy Governor T Rabi Sankar told reporters on Friday that as many as 35 crore cards have been tokenized and the system is ready for the new norms.

As per official data, the total number of debit and credit cards in the system stands at over 101 crore as at August end.

Card tokenization also makes transactions speedy and easy as it will obviate the need to enter the card details every time a transaction is made on the merchant site.

If you do not tokenize your card, you will end up filling the full card details manually every time you are doing a transaction.

As the tokens are unique, a multiple cardholder can generate as many tokens they want.

One can generate a token through a registration process instructed by the online merchant entailing filling up the card details followed by verification via OTP. A token will then be generated which can be saved by the online merchant.

Sanjeev Moghe, President and Head- Cards & Payments, Axis Bank said with tokenization, the customer will have to do a one-time tokenization and the subsequent transaction will be easy as current ones.

He said Axis Bank is fully compliant with the new guidelines.

"We have been communicating this to our customers via SMS and emails and have also created detailed FAQs for customers to know more. All our service touchpoints are fully equipped to handle customer queries on tokenization.

"This move by the RBI will enhance the card security framework for digital transactions," Moghe said.

In case of any data breach or hacking attempt at the merchant's end, the customer's card details will be protected, the official added.

PayU, which provides payment gateway solutions to online businesses, said it has successfully tokenized over 50 million (5 crore) cards.

The company said it can tokenize 90 per cent of all domestic transactions, as it is live with India's largest payment networks - Visa, Mastercard, and RuPay.

"We have already integrated some of the largest merchants in the country, and as the deadline approaches, we look forward to helping more businesses and their customers with a smooth transition," Manas Mishra, Chief Product Officer, PayU said.