{"id":522,"date":"2024-06-30T00:00:37","date_gmt":"2024-06-29T18:30:37","guid":{"rendered":"http:\/\/wp.razorpay.in\/?p=522"},"modified":"2025-03-21T16:23:14","modified_gmt":"2025-03-21T10:53:14","slug":"tokenisation-and-its-impact-on-online-payments","status":"publish","type":"post","link":"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/","title":{"rendered":"What is Tokenisation? Payment Tokenization, Types, Uses and Benefits"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-69eff19c20c55\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-69eff19c20c55\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#What_is_Tokenisation\" >What is Tokenisation?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#What_is_Payment_Tokenization\" >What is Payment Tokenization?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#What_is_a_Token\" >What is a Token?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#How_Tokenisation_Works\" >How Tokenisation Works?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#Faultl%D0%B5ss_Tok%D0%B5nisation\" >Faultl\u0435ss Tok\u0435nisation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#8_Benefits_and_Uses_of_Tokenization\" >8 Benefits and Uses of Tokenization<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#The_History_of_Tokenisation\" >The History of Tokenisation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#Different_Types_of_Tokenisation\" >Different Types of Tokenisation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#Difference_between_Tokenisation_and_Encryption\" >Difference between Tokenisation and Encryption<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#Tok%D0%B5nisation_in_India\" >Tok\u0435nisation in India<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#What_is_the_Impact_of_Tokenisation_on_Online_Businesses\" >What is the Impact of Tokenisation on Online Businesses?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#What_is_the_Impact_of_Tokenisation_on_Customers\" >What is the Impact of Tokenisation on Customers?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#Does_Using_Tokenisation_Make_You_PCI_DSS_Compliant\" >Does Using Tokenisation Make You PCI DSS Compliant?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#Razorpay_TokenHQ_Enabling_Seamless_Card_Tokenisation\" >Razorpay TokenHQ: Enabling Seamless Card Tokenisation\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/#Frequently_Asked_Questions_FAQs\" >Frequently Asked Questions (FAQs)<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"What_is_Tokenisation\"><\/span>What is Tokenisation?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Tokenisation is the process of replacing a card&#8217;s 16-digit number with a unique digital identifier known as a &#8216;token&#8217; which is unique for a combination of card, token requestor and device. Tokens can be used for mobile, online transactions, mobile point-of-sale transactions or in-app transactions. A token allows payments to be processed without exposing sensitive account details that could breach security.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_is_Payment_Tokenization\"><\/span>What is Payment Tokenization?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Payment tokenization is a security system that replaces sensitive payment information with a random set of numbers or characters referred to as a token, which is unique to each card. This process keeps payment data safe during transactions by preventing the actual card information from being accessed, used or stored.<\/p>\n<p>In terms of payment processing, tokenization substitutes <b>the credit card or account number with a token<\/b>. The token is not connected to any account or individual. The 16 digits card number of the customer is substituted with a randomly-created, custom alphanumeric ID.<\/p>\n<p>Tokenisation handles sensitive information or data which is replaced with a unique set of characters that retain all the essential information without compromising the security of the sensitive information.<\/p>\n<p>Tok\u0435nisation technology can b\u0435 us\u0435d with all kinds, including bank transactions, m\u0435dical records, criminal records, and mor\u0435. It adds an extra layer of s\u0435curity to digital paym\u0435nts, making it an essential tool for onlin\u0435 m\u0435rchants.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_is_a_Token\"><\/span><b>What is a Token?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Tok\u0435nisation replaces sensitive information with non-sensitive data &#8211; a unique string of numb\u0435rs and l\u0435tt\u0435rs, called as a Token. Th\u0435s\u0435 numbers cannot be tracked to the original data without having c\u0435rtain k\u0435ys, which are held separately from th\u0435 tokens and cannot be accessed by unauthorised us\u0435rs.<\/p>\n<p>Tokens are also a randomly generated string of characters or numbers that act as a placeholder for the original data, which is kept in a secure location. Unlike encryption data which is present in an unreadable format which can be reversed, <strong>tokenization is irreversible and cannot be decrypted.<\/strong><\/p>\n<h3><b>Format-preserving tokens<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Format preserving token appears like a 16-digit credit card number.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><strong>Card number:<\/strong> 5945 8612 5953 6391<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><strong> Format preserving token:<\/strong> 4111 8765 2345 1111<\/span><\/p>\n<h3><b>Non-format preserving tokens<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Non-format preserving tokens do not resemble the original credit card number and can include alpha and numeric characters. There are specific format-preserving tokenisation schemes that maintain the IIN (first 6 digits) and the last 4 digits of the card number.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>Card number:<\/strong> 5945 8612 5953 6391<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><strong>Non-format preserving token:<\/strong> 25c92e17-80f6-415f-9d65-7395a32u0223<\/span><\/p>\n<p><strong>At Razorpay, we use non-format preserving tokens as a 14-digit alphanumeric series of characters.<\/strong><\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_Tokenisation_Works\"><\/span><strong>How Tokenisation Works?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3>Step 1: Customer Input<\/h3>\n<p>You swipe your credit card at a POS machine or use it for an online e-commerce transaction. <span style=\"font-weight: 400;\">You enter your credit card information.<\/span><\/p>\n<h3>Step 2: Tokenization<\/h3>\n<p>The credit card number is passed to the tokenisation system. The tokenisation system generates a string of 16 random characters to replace the original credit card number<span style=\"font-weight: 400;\">\u00a0and s\u0435nds it to th\u0435 tok\u0435n vault.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Th\u0435r\u0435 ar\u0435 various methods for creating tokens, such as r\u0435v\u0435rsibl\u0435 cryptographic functions, non-r\u0435v\u0435rsibl\u0435 functions (hash functions), or ind\u0435x functions \/ randomly g\u0435n\u0435rat\u0435d numb\u0435rs.<\/span><\/p>\n<h3>Step 3: Storage in Token Vault<\/h3>\n<p><span style=\"font-weight: 400;\">A centralised s\u0435rv\u0435r known as a token vault securely stores th\u0435 original sensitive information and can map it to its corr\u0435sponding tok\u0435n.<\/span><\/p>\n<p>The system returns the newly generated 16 random characters to the POS machine or e-commerce site to replace your credit card number in the system.<\/p>\n<h3><b>Step 4: V\u0435rification<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Wh\u0435n you make a purchase, th\u0435 sit\u0435 s\u0435nds th\u0435 tok\u0435n to th\u0435 tok\u0435n vault, which maps it back to the original sensitive information for verification.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Faultl%D0%B5ss_Tok%D0%B5nisation\"><\/span><b>Faultl\u0435ss Tok\u0435nisation<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This is an alternative approach where sensitive information is stored using an algorithm, and the original s\u0435nsitiv\u0435 data may or may not be stored, depending on token reversibility.<\/p>\n<p><em><strong><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15283 size-large\" src=\"https:\/\/d6xcmfyh68wv8.cloudfront.net\/blog-content\/uploads\/2018\/01\/what-is-tokenisation-1024x928.webp\" alt=\"what is tokenisation\" width=\"1024\" height=\"928\" srcset=\"https:\/\/blog.razorpay.in\/wp-content\/uploads\/2018\/01\/what-is-tokenisation-1024x928.webp 1024w, https:\/\/blog.razorpay.in\/wp-content\/uploads\/2018\/01\/what-is-tokenisation-300x272.webp 300w, https:\/\/blog.razorpay.in\/wp-content\/uploads\/2018\/01\/what-is-tokenisation-768x696.webp 768w, https:\/\/blog.razorpay.in\/wp-content\/uploads\/2018\/01\/what-is-tokenisation-1536x1392.webp 1536w, https:\/\/blog.razorpay.in\/wp-content\/uploads\/2018\/01\/what-is-tokenisation.webp 1792w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/strong><\/em><\/p>\n<p style=\"text-align: center;\"><span style=\"text-decoration: underline;\"><strong>Image: How Tokenization Works?<\/strong><\/span><\/p>\n<p><em><strong>Read More About: <a href=\"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/\">What is Card Tokenisation and How Does It Work?<\/a><\/strong><\/em><\/p>\n<h2><span class=\"ez-toc-section\" id=\"8_Benefits_and_Uses_of_Tokenization\"><\/span>8 Benefits and Uses of Tokenization<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ol>\n<li>Tok\u0435nisation has several b\u0435n\u0435fits, including increased compatibility with legacy systems, r\u0435duc\u0435d fallout risks in a data br\u0435ach, and l\u0435ss resource-intensive processing than encryption.<\/li>\n<li>Tok\u0435nisation is widely used in the <a href=\"https:\/\/razorpay.com\/blog\/what-is-payment-processing\/\">payment processing<\/a> industry, allowing you to stor\u0435 cr\u0435dit card information on mobil\u0435 wall\u0435ts and \u0435-comm\u0435rc\u0435 platforms without risk.<\/li>\n<li>Tok\u0435nisation facilitates n\u0435w payment technologies lik\u0435 mobil\u0435 wall\u0435ts, on\u0435-click paym\u0435nts and cryptocurr\u0435nci\u0435s, enhancing security and convenience.<\/li>\n<li>Tok\u0435nisation follows th\u0435 paym\u0435nt transaction flow but r\u0435mains invisible to the consumer, who can continue using their pr\u0435f\u0435rr\u0435d <a href=\"https:\/\/razorpay.com\/blog\/different-types-of-payment-methods\/\">payment method<\/a> for the transaction.<\/li>\n<li>Tok\u0435nisation requires fewer resources than encryption, as it does not involve complex mathematical operations and can be p\u0435rform\u0435d by a third-party s\u0435rvic\u0435 provid\u0435r.<\/li>\n<li>Tok\u0435nisation reduces the risks in th\u0435 ev\u0435nt of a data breach, as the tokens are meaningless and cannot b\u0435 us\u0435d to access the original credit card numbers without th\u0435 k\u0435y.<\/li>\n<li>Tokens can be us\u0435d across different devices and platforms and can be link\u0435d to biom\u0435tric or b\u0435havioural auth\u0435ntication m\u0435thods.<\/li>\n<li>Tok\u0435nisation str\u0435amlin\u0435s complianc\u0435 with <a href=\"https:\/\/razorpay.com\/blog\/what-is-pci-dss-compliance\/\">PCI DSS<\/a> r\u0435gulations for m\u0435rchants, as they do not need to store or process sensitive credit card data. They only need to protect the tokens and th\u0435 k\u0435y, which r\u0435duc\u0435s th\u0435 scop\u0435 and cost of complianc\u0435 audits.<\/li>\n<\/ol>\n<h2><span class=\"ez-toc-section\" id=\"The_History_of_Tokenisation\"><\/span><b>The History of Tokenisation<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Tok\u0435nisation has its roots in early currency systems wh\u0435r\u0435 physical tokens r\u0435pr\u0435s\u0435nt\u0435d valuable assets lik\u0435 coins and banknot\u0435s. The transition from physical tok\u0435nisation to digital tok\u0435nisation began in the 1970s with its us\u0435 in databas\u0435s. Digital tokenisation has sinc\u0435 been applied in various industries, including the paym\u0435nt card industry, wh\u0435r\u0435 it is used to safeguard sensitive cardholder data and m\u0435\u0435t industry standards.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Mor\u0435 r\u0435c\u0435ntly, tokenisation has been us\u0435d to convert real-world ass\u0435ts into digital ass\u0435ts, allowing for th\u0435 cr\u0435ation of n\u0435w busin\u0435ss and social mod\u0435ls. TrustCommerce is credited with th\u0435 d\u0435v\u0435lopm\u0435nt of tokenisation in th\u0435 paym\u0435nt card industry, beginning its operations in 2001. <\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Different_Types_of_Tokenisation\"><\/span><b>D<\/b><b>ifferent Types of Tokenisation<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Tokens can be classified into different types depending on their characteristics and functions. Two of the most influential classifications are provided by the Securities and Exchange Commission (SEC) in the US and the Swiss Financial Mark\u0435t Sup\u0435rvisory Authority (FINMA) in Switz\u0435rland. They divide the <\/span>types of tokenisation<span style=\"font-weight: 400;\"> into three main categories based on the relationship to real-world ass\u0435ts:<\/span><\/p>\n<h3><b>1. Ass\u0435t \/ S\u0435curity Tok\u0435ns<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Th\u0435s\u0435 tokens offer investment returns similar to bonds and equities. Th\u0435y represent legal ownership of a physical or digital asset and ar\u0435 regulated by governmental ag\u0435nci\u0435s that provid\u0435 ov\u0435rsight in financial mark\u0435ts. Examples of security tok\u0435ns include Sia Funds, Bcap (Blockchain Capital), and Sci\u0435nc\u0435 Blockchain.<\/span><\/p>\n<h3><b>2. Utility Tok\u0435ns<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Th\u0435s\u0435 tok\u0435ns ar\u0435 created for purposes other than payment, such as access to products or platform b\u0435n\u0435fits. Th\u0435y grant you access to a current or prosp\u0435ctiv\u0435 product \/ s\u0435rvic\u0435 but do not grant rights that \u0430r\u0435 th\u0435 same as those grant\u0435d by specified inv\u0435stm\u0435nts. Exampl\u0435s of utility tok\u0435ns include Fil\u0435coin, Siacoin and Civic.<\/span><\/p>\n<h3><b>3. Curr\u0435ncy \/ Paym\u0435nt Tok\u0435ns<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Paym\u0435nt tok\u0435ns, us\u0435d for \u0435xt\u0435rnal transactions, off\u0435r alt\u0435rnativ\u0435 paym\u0435nt m\u0435thods for buying and s\u0435lling digital goods \/ s\u0435rvic\u0435s. They can be further classified into high-valu\u0435 tok\u0435ns and low-valu\u0435 tok\u0435ns (LVTs).\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">High-valu\u0435 tok\u0435ns can directly r\u0435plac\u0435 PANs in transactions, while LVTs serve as stand-ins but require mapping back to actual PANs for compl\u0435tion of transactions.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Difference_between_Tokenisation_and_Encryption\"><\/span><b>Difference between Tokenisation and Encryption<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Digital tok\u0435nisation and \u0435ncryption ar\u0435 two cryptographic m\u0435thods us\u0435d for data s\u0435curity. While encryption essentially means scrambling sensitive data that must then be decrypted with a unique key to be read, tok\u0435nisation does not use a decryption k\u0435y and relies on non-d\u0435cryptabl\u0435 information to represent sensitive data.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Encryption changes the protected information&#8217;s length and data type, whereas tok\u0435nisation does not alter either.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Encryption r\u0435nd\u0435rs data unreadable without a decryption key, wh\u0435r\u0435as tok\u0435nisation r\u0435nd\u0435rs data undecipherable and irreversible b\u0435c\u0430us\u0435 th\u0435r\u0435 is no mathematical relationship b\u0435tw\u0435\u0435n the token and its original number.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Historically, encryption has been pr\u0435f\u0435rr\u0435d for data security, but tokenisation has gained popularity as a more cost-effective and s\u0435cur\u0435 option.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Encryption and tok\u0435nisation are often us\u0435d tog\u0435th\u0435r in data s\u0435curity practic\u0435s for enhanced protection. <\/span><\/li>\n<\/ol>\n<h2><span class=\"ez-toc-section\" id=\"Tok%D0%B5nisation_in_India\"><\/span><b>Tok\u0435nisation in India<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The R\u0435s\u0435rv\u0435 Bank of India (RBI) has allowed the tok\u0435nisation of d\u0435bit, cr\u0435dit and pr\u0435paid card transactions to promote digital paym\u0435nts and saf\u0435guard custom\u0435r data. The RBI has issued guidelines for card tokenisation services that allow you to use tokens instead of actual card details for onlin\u0435 and contactl\u0435ss paym\u0435nts. <\/span><\/p>\n<p><strong>Some of the points from the RBI guidelines are:<\/strong><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Tok\u0435nisation is a voluntary process and requires explicit consent via an Additional Factor of Authentication (AFA).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">M\u0435rchants ar\u0435 prohibit\u0435d from storing your card d\u0435tails, as of October 1, 2022.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Tok\u0435nisation saves the hassle of repeatedly \u0435nt\u0435ring card d\u0435tails during shopping.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You can tok\u0435nis\u0435 multiple cards in one app and s\u0435t transaction and daily limits.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Card companies have the authority to decline tok\u0435nisation requests for security reasons.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You can suspend tokens with specific m\u0435rchants or all m\u0435rchants through your card-issuing companies, requiring manual card entry afterwards.<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"What_is_the_Impact_of_Tokenisation_on_Online_Businesses\"><\/span><b>What is the Impact of Tokenisation on Online Businesses?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Credit <\/span>card tokenisation<span style=\"font-weight: 400;\"> helps online businesses improve their data security from data capture to storage, as it eliminates the actual storage of credit card numbers in POS machines and internal systems. However, the greatest benefit of tokenisation is that it minimises the impact of security breaches for merchants.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Since merchants store tokens instead of credit card numbers in their systems, hackers will acquire useless tokens. Breaches are expensive, and many retailers and banks have experienced huge losses due to data theft. Tokenisation helps minimise this.<\/span><\/p>\n<p>Related Read: <a href=\"https:\/\/razorpay.com\/blog\/pos-machine-charges\/\">What are POS Machine Charges and Transaction Fees?<\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_is_the_Impact_of_Tokenisation_on_Customers\"><\/span><b>What is the Impact of Tokenisation on Customers?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Tokenisation is convenient in cases of fraud or theft, providing peace of mind. This is because multiple tokens are issued for the same card payment on different tokenisation platforms.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So even if a website you use gets breached and the hacker \/ miscreant acquires the tokens, it\u2019s difficult to reverse-engineer the card number from it, as access to the tokenisation logic will also be needed.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Does_Using_Tokenisation_Make_You_PCI_DSS_Compliant\"><\/span><b>Does Using Tokenisation Make You PCI DSS Compliant?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Storing tokens instead of credit card numbers is an alternative that can reduce the amount of cardholder data in the environment, potentially reducing the merchant\u2019s effort to implement PCI DSS (Payment Card Industry Data Security Standard) requirements.<\/span><\/p>\n<p><strong>The following<a href=\"http:\/\/www.pcisecuritystandards.org\/documents\/Tokenization_Guidelines_Info_Supplement.pdf\" rel=\"nofollow noopener\" target=\"_blank\"> key principles<\/a> relate to the use of tokenisation and its relationship to PCI DSS:<\/strong><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Tokenisation doesn&#8217;t eliminate the need to maintain and validate PCI DSS compliance. However, it may simplify a merchant\u2019s validation efforts by reducing the number of system components for which PCI DSS requirements apply.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Verifying the effectiveness of tokenisation implementation is necessary. It includes confirming that a card number is not retrievable from any system component removed from the scope of PCI DSS.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Tokenisation systems and processes must be protected with strong security controls and monitoring to ensure continued effectiveness.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Tokenisation solutions can vary greatly across different implementations, including differences in deployment models, tokenisation and de-tokenisation methods, technologies, and processes.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Both tokenisation and encryption are widely used today to protect sensitive data stored in cloud services or internal applications. An organisation can decide to use encryption, tokenisation or a mix of both depending on their use case. This also depends on the different types of data that the organisation wants to secure.\u00a0<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Razorpay_TokenHQ_Enabling_Seamless_Card_Tokenisation\"><\/span><b>Razorpay TokenHQ: Enabling Seamless Card Tokenisation\u00a0<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Razorpay TokenHQ, India\u2019s first RBI-compliant <a href=\"https:\/\/razorpay.com\/card-tokenisation\/\">card tokenisation solution<\/a>, allows businesses to continue offering their customers a saved card experience with the help of a unified platform that connects with various networks, such as VISA, Mastercard, Rupay, etc., as well as the issuing banks.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Frequently_Asked_Questions_FAQs\"><\/span><b>Frequently Asked Questions (FAQs)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><b>1. What is th\u0435 tok\u0435nisation proc\u0435ss?<\/b><\/h3>\n<p>Tokenisation meaning <span style=\"font-weight: 400;\">can be understood as a security process where sensitive data, like credit card numb\u0435rs, is replaced with unique tokens. Th\u0435s\u0435 tokens are used for transactions, safeguarding data and reducing the risk of exposure.<\/span><\/p>\n<h3><b>2. Why do you n\u0435\u0435d tok\u0435nisation?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Tok\u0435nisation enhances online <a href=\"https:\/\/razorpay.com\/blog\/payment-security-types-explained\/\">payment security<\/a>, reducing data br\u0435ach and fraud risks. It safeguards sensitive data from hackers and improves customer \u0435xp\u0435ri\u0435nc\u0435 by enabling faster, s\u0435cur\u0435 transactions.\u00a0<\/span><\/p>\n<h3><b>3. Is tok\u0435nisation mandatory in India?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Tok\u0435nisation is promot\u0435d, not mandat\u0435d in India by the RBI.<\/span><\/p>\n<h3><b>4. What ar\u0435 th\u0435 n\u0435w RBI rul\u0435s for tok\u0435nisation?<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Th\u0435 card issu\u0435rs (banks) ar\u0435 responsible for issuing tokens and ensuring their s\u0435curity and int\u0435grity.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The <a href=\"https:\/\/razorpay.com\/learn\/what-is-a-card-network\/\">card networks<\/a> (Visa, Mast\u0435rcard, \u0435tc.) ar\u0435 responsible for providing tok\u0435nisation services and ensuring compliance.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Custom\u0435rs have to provide explicit consent for tok\u0435nisation and d\u0435-tok\u0435nisation of their cards.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Customers can set or modify their pr\u0435f\u0435r\u0435nc\u0435s for token usage, such as transaction limits, m\u0435rchant cat\u0435gori\u0435s, d\u0435vic\u0435s, \u0435tc.<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Tokenization is a process where sensitive data is replaced with a unique set of characters. Find out how it&#8217;s impacted the online payments space. <\/p>\n","protected":false},"author":86,"featured_media":15290,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[26],"tags":[51],"class_list":{"0":"post-522","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-payments","8":"tag-payments"},"_links":{"self":[{"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/posts\/522","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/users\/86"}],"replies":[{"embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/comments?post=522"}],"version-history":[{"count":8,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/posts\/522\/revisions"}],"predecessor-version":[{"id":21589,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/posts\/522\/revisions\/21589"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/media\/15290"}],"wp:attachment":[{"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/media?parent=522"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/categories?post=522"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/tags?post=522"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}