{"id":6895,"date":"2024-07-11T04:30:49","date_gmt":"2024-07-10T23:00:49","guid":{"rendered":"https:\/\/razorpay.com\/blog\/?p=6895"},"modified":"2025-03-21T15:10:15","modified_gmt":"2025-03-21T09:40:15","slug":"card-tokenisation-all-you-need-to-know","status":"publish","type":"post","link":"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/","title":{"rendered":"Card Tokenisation: How Does Credit and Debit Card Tokenisation Work?"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">The recent RBI guidelines around card tokenisation have raised a number of questions and caused a great deal of confusion and uncertainty. As of July 2022, businesses and <a href=\"https:\/\/razorpay.com\/payment-gateway\/\">payment gateway<\/a> or <a href=\"https:\/\/razorpay.com\/blog\/what-is-a-payment-aggregator\/\">payment aggregators<\/a> will no longer be able to save the card data of their customers. However, RBI has presented an alternative, allowing businesses to provide their customers the same saved card experience in the form of \u2018tokens\u2019.\u00a0<\/span><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-69ef9118df41d\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-69ef9118df41d\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/#What_is_Credit_Card_Tokenisation\" >What is Credit Card Tokenisation?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/#Examples_of_Card_Tokenisation\" >Examples of Card Tokenisation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/#How_Does_Card_Tokenisation_Work\" >How Does Card Tokenisation Work?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/#How_Does_Credit_and_Debit_Card_Tokenisation_Work\" >How Does Credit and Debit Card Tokenisation Work?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/#How_is_Card_Tokenisation_Different_from_EMV_Technology\" >How is Card Tokenisation Different from EMV Technology?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/#Why_Tokenisation_Important_In_India\" >Why Tokenisation Important In India?\u00a0\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/#What_will_be_the_impact_of_tokenisation_on_your_customers\" >What will be the impact of tokenisation on your customers?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/#Why_Should_Businesses_Invest_in_Card_Tokenisation\" >Why Should Businesses Invest in Card Tokenisation?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/#Benefits_of_Card_Tokenisation\" >Benefits of Card Tokenisation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/#Common_Myths_About_Card_Tokenisation\" >Common Myths About Card Tokenisation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/razorpay.com\/blog\/card-tokenisation-all-you-need-to-know\/#Frequently_Asked_Questions_FAQs\" >Frequently Asked Questions (FAQs)<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"What_is_Credit_Card_Tokenisation\"><\/span>What is Credit Card Tokenisation?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Card tokenisation refers to replacing your actual card details with a unique code called a token. This token can be used for making online payments without exposing sensitive information. Card tokenisation is a way of enhancing the security and privacy of card transactions, as it lowers the threat of data breaches and fraud.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Reserve Bank of India (RBI) has published guidelines for card tokenisation in India, which came into effect on January 01, 2022. According to these guidelines, merchants are not allowed to store customer card details on their servers and have to adopt card-on-file (CoF) tokenisation as an alternative to card storage.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">CoF tokenisation means that you can save your card details on a merchant app or website, but the merchant will only store a token corresponding to the card and not the actual card number or expiry date. The token will be distinct for a combination of the card, token requestor (the entity that provides the app or website), and device (the consumer device being used by you).<\/span><\/p>\n<p>Related Read: <a href=\"https:\/\/razorpay.com\/blog\/payment-aggregator-vs-payment-gateway\/\">Payment Aggregator vs Payment Gateway<\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Examples_of_Card_Tokenisation\"><\/span><b>Examples of Card Tokenisation<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><b>Card tokenisation<\/b><span style=\"font-weight: 400;\"> is used in various sectors to enhance security and streamline payment processes. The following examples highlight the versatility and effectiveness of card tokenisation in different industries &#8211;<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In e-commerce, <\/span><b>card tokenisation<\/b><span style=\"font-weight: 400;\"> allows you to save your card information for future purchases securely.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/razorpay.com\/learn\/mobile-wallet\/\">Mobile wallets<\/a> utilise card tokenisation to enable quick and secure payments through smartphones.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Call centres use tokenisation to protect your data during over-the-phone transactions.<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"How_Does_Card_Tokenisation_Work\"><\/span><b>How Does Card Tokenisation Work?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><b>Card tokenisation<\/b><span style=\"font-weight: 400;\"> enhances the security of online payments by replacing card numbers with unique codes, known as tokens. When you make a payment on an online shopping portal, enter your card details and select &#8216;<a href=\"https:\/\/razorpay.com\/blog\/tokenisation-and-its-impact-on-online-payments\/\">tokenisation<\/a>&#8216;. The merchant then forwards your information to their bank or <a href=\"https:\/\/razorpay.com\/learn\/what-is-a-card-network\/\">card network<\/a>. A token is generated and sent back to the merchant, who keeps it for future transactions.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The next time you shop on the same platform, you can select the saved token instead of entering your card details again. This is what a tokenised transaction is and its meaning. It protects your confidential information from cybercriminals. You will see the masked card details and the last 4 digits of your card number, but you must enter the CVV to complete the transaction.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Tokenisation ensures that sensitive banking details are not revealed during payments, reducing the risk of card fraud. It improves security for both businesses and customers.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_Does_Credit_and_Debit_Card_Tokenisation_Work\"><\/span><b>How Does Credit and Debit Card Tokenisation Work?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Here is how credit and debit card tokenisation works:<\/span><\/p>\n<p><b>Step 1:<\/b><span style=\"font-weight: 400;\"> When you make a payment online or at a store using your card, the merchant or the payment app sends a request to your card network (such as Visa, Mastercard, etc.) to tokenise your card details.<\/span><\/p>\n<p><b>Step 2:<\/b><span style=\"font-weight: 400;\"> The card network generates a unique code called a token that replaces your actual card number. The token is different for each combination of card, merchant and device. For example, the token for your card on Amazon will be different from the token for your card on Flipkart.<\/span><\/p>\n<p><b>Step 3:<\/b><span style=\"font-weight: 400;\"> The card network sends the token back to the merchant or the payment app, along with other information, such as the expiry date and the CVV of your card.<\/span><\/p>\n<p><b>Step 4:<\/b><span style=\"font-weight: 400;\"> The merchant or the payment app uses the token to process the payment and sends it to the acquiring banking institution (the bank that handles the transactions for the merchant).<\/span><\/p>\n<p><b>Step 5:<\/b><span style=\"font-weight: 400;\"> The acquiring bank forwards the token to the issuing bank (the bank that issued your card) for authorisation.<\/span><\/p>\n<p><b>Step 6:<\/b><span style=\"font-weight: 400;\"> The issuing bank matches the token with your card details in its secure database and sends a confirmation or rejection message to the acquiring bank, which then informs the merchant or the payment app about the transaction status.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_is_Card_Tokenisation_Different_from_EMV_Technology\"><\/span><b>How is Card Tokenisation Different from EMV Technology?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">EMV (Europay, Mastercard and Visa) technology is a global standard for secure credit and debit card transactions. It involves the use of chip-based cards with dynamic data. Instead of just a magnetic stripe, EMV cards have a tiny computer chip that creates a unique code for each transaction.<\/span><\/p>\n<p><b>Card tokenisation<\/b><span style=\"font-weight: 400;\"> and EMV technology aim to enhance electronic <a href=\"https:\/\/razorpay.com\/blog\/payment-security-types-explained\/\">payment security<\/a>, but they serve different purposes. While EMV technology focuses on securing the physical card using a microchip (such as purchasing clothes at an outlet using your credit card), <\/span><b>card tokenisation<\/b><span style=\"font-weight: 400;\"> protects payment data during digital transactions (such as making purchases on an e-commerce platform).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With card tokenisation, sensitive card information is replaced with a unique token that is meaningless to hackers. In contrast, EMV technology prevents fraudulent use of stolen or counterfeit cards at point-of-sale terminals. Therefore, tokenisation complements EMV technology by securing card data during online and digital transactions.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Why_Tokenisation_Important_In_India\"><\/span><strong>Why Tokenisation Important In India?\u00a0\u00a0<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Saved card data, if not securely stored, is vulnerable to data breaches, which have alarmingly increased over the past decade. These breaches lead to card fraud and diminish public trust in card payments, negatively affecting <a href=\"https:\/\/razorpay.com\/learn\/what-is-online-transaction\/\">online transactions<\/a>. To address this, the <a href=\"https:\/\/www.rbi.org.in\/\" rel=\"nofollow noopener\" target=\"_blank\">RBI<\/a> has issued guidelines on card tokenisation to enhance security and restore public confidence in digital transactions.<\/p>\n<p>The implementation of card tokenisation by the RBI is crucial for both businesses and customers in India. Tokenisation ensures that intercepted card tokens are useless to hackers, reducing security risks for merchants and standardising security protocols. By mandating tokenisation, the RBI protects businesses from financial losses due to digital fraud and safeguards customers&#8217; sensitive information, enabling the digital economy to grow securely and seamlessly.<\/p>\n<p style=\"text-align: center;\"><strong>Also Read: <a href=\"https:\/\/razorpay.com\/blog\/card-on-file-tokenisation-all-you-need-to-know\/\">Decoding Card-on-File Tokenisation: All you need to know<\/a> <\/strong><\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_will_be_the_impact_of_tokenisation_on_your_customers\"><\/span><strong>What will be the impact of tokenisation on your customers?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Around 30% conversions on cards happen through saved cards. Additionally, as much as 32% of failed transactions are never reattempted. By saving card details businesses have been ensuring;\u00a0<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">A seamless checkout experience for their customers, leading to lower drop offs\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Elimination of failed transactions due to inputting of incorrect card details<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Cardholders have long enjoyed the <a href=\"https:\/\/razorpay.com\/docs\/payments\/payment-methods\/cards\/features\/saved-cards\/\">convenience of a saved-cards<\/a> checkout, however, they are also wary of saving card details on third-party websites. While they might trust a few websites or payment gateways with such sensitive information, in most scenarios they do not feel comfortable saving their card details, and they shouldn\u2019t! This fear is grounded in the <\/span><span style=\"font-weight: 400;\">reality of data breaches and <a href=\"https:\/\/razorpay.com\/learn\/credit-card-fraud\/\">credit card frauds<\/a><\/span><span style=\"font-weight: 400;\"> that have plagued us for more than a decade now.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With card tokenisation consumers no longer need to fear saving their card details. There will be <\/span><b>no change in the cardholder experience<\/b><span style=\"font-weight: 400;\">, except for an AFA, or consent that will be collected for tokenisation.\u00a0<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Why_Should_Businesses_Invest_in_Card_Tokenisation\"><\/span><b>Why Should Businesses Invest in Card Tokenisation?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><b>1. Safe PCI Compliance and Security<\/b><\/h3>\n<p><b>Card tokenisation<\/b><span style=\"font-weight: 400;\"> provides businesses with a secure method of storing and transmitting customer payment information. By replacing sensitive card data with unique tokens, businesses can significantly reduce the risk of data breaches and fraud.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Tokenisation ensures that the actual card details are never stored on the merchant&#8217;s servers, making it an effective measure for achieving Payment Card Industry (PCI) compliance.<\/span><\/p>\n<h3><b>2. Ease of One-Click Payments and Recurring Billing<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">With <\/span><b>card tokenisation,<\/b><span style=\"font-weight: 400;\"> businesses can offer customers a convenient and seamless payment experience. Once your card is tokenized, you can make one-click payments without repeatedly entering your card details.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Additionally, tokenisation allows hassle-free <a href=\"https:\/\/razorpay.com\/blog\/what-is-recurring-billing\/\">recurring billing<\/a>, such as monthly subscriptions or instalment payments.<\/span><\/p>\n<h3><b>3. Enhancing Customer Experience<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">By implementing <\/span><b>card tokenisation<\/b><span style=\"font-weight: 400;\">, businesses can enhance customer experience by providing a secure and frictionless payment process. You no longer have to worry about the security of your card information while making online purchases. This leads to increased trust and loyalty towards the business.<\/span><\/p>\n<h3><b>4. Variety of Payment Solutions and Options<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Tokenisation enables businesses to accept various <a href=\"https:\/\/razorpay.com\/blog\/different-types-of-payment-methods\/\">payment methods<\/a> beyond just credit and debit cards. It supports alternative payment options such as e-wallets, UPI, mobile banking solutions, and more. The availability of multiple payment solutions can attract a broader range of customers and cater to their individual preferences.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Benefits_of_Card_Tokenisation\"><\/span><b>Benefits of Card Tokenisation<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><b>1. Enhanced security<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Card tokenisation replaces sensitive card information with a unique token, reducing the risk of data breaches and fraud.<\/span><\/p>\n<h3><b>2. Simplified compliance<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Tokenisation helps businesses meet the RBI&#8217;s guidelines for implementing secure <a href=\"https:\/\/razorpay.com\/learn\/digital-payments-india-definition-methods-importance\/\">digital payment<\/a> methods.<\/span><\/p>\n<h3><b>3. Streamlined transactions<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Tokenized transactions are faster and more convenient, thus improving the overall customer experience.<\/span><\/p>\n<h3><b>4. Ease of recurring payments<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Tokenized cards can be used for recurring payments without sharing card details repeatedly.<\/span><\/p>\n<h3><b>5. Increased customer trust<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">By safeguarding card information, businesses can build customer trust and loyalty.<\/span><\/p>\n<h3><strong>What about the cards that are already saved?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">RBI guidelines stipulate that businesses and <a href=\"https:\/\/razorpay.com\/blog\/payment-processor\/\">payment processors<\/a> will need to delete all saved cards by or before June 30th, 2022.\u00a0<\/span><\/p>\n<blockquote class=\"modern-quote\"><p>The good news is that businesses can start tokenising cards right away with<a href=\"https:\/\/razorpay.com\/card-tokenisation\/\"> Razorpay TokenHQ, India\u2019s first multi-network tokenisation solution<\/a>.<\/p><\/blockquote>\n<p><span style=\"font-weight: 400;\">Once you have integrated with TokenHQ, you can use every subsequent transaction to collect consent for tokenisation from your customers. This consent can be combined with the transaction itself.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Thus, if a customer makes a transaction using a saved card, the same transaction can also be used to collect consent for tokenisation in the form of an AFA. The faster you integrate with TokenHQ, the more likely you are to retain a vast majority of the cards already saved at checkout. Once the deadline for card tokenisation arrives, you will be adequately prepared.\u00a0<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Common_Myths_About_Card_Tokenisation\"><\/span>Common Myths About Card Tokenisation<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><b>1. Tokenisation will be complex and difficult to implement<\/b><span style=\"font-weight: 400;\">:\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Businesses that are on standard and custom checkout will have to make <\/span><b>zero changes<\/b><span style=\"font-weight: 400;\"> on their end. <\/span><span style=\"font-weight: 400;\">Razorpay TokenHQ<\/span><span style=\"font-weight: 400;\"> will be auto-enabled for you, so sit back and relax, while we do all the heavy lifting!<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">For businesses on S2S checkout, you can easily integrate with our developer-friendly REST APIs.\u00a0<\/span><\/p>\n<h3><b>2. \u201cIf I adopt Razorpay TokenHQ, I will have to use the Razorpay PG<\/b><span style=\"font-weight: 400;\">\u201d\u00a0<\/span><\/h3>\n<p><b>Untrue!<\/b><span style=\"font-weight: 400;\"> We are flexible across <a href=\"https:\/\/razorpay.com\/blog\/multiple-payment-gateways\/\">multiple payment gateways<\/a>, so you don\u2019t have to change your existing payment flows.\u00a0<\/span><b><\/b><\/p>\n<h3><b>3. Tokenisation will be expensive for businesses:\u00a0<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">TokenHQ will be a <\/span><b>free upgrade <\/b><span style=\"font-weight: 400;\">for all standard and customer checkout businesses. However, we will charge a small fee for transactions made through saved cards for S2S businesses.\u00a0<\/span><\/p>\n<p><em><span style=\"font-weight: 400;\">Do you want to know how you can implement card tokenisation for your business? Please reach out to: <\/span><a href=\"mailto:Card-tokenisation@Razorpay.com\"><span style=\"font-weight: 400;\">card-tokenisation@razorpay.com<\/span><\/a><span style=\"font-weight: 400;\"> for more information, or get in touch with your respective Account Manager if you are already a Razorpay merchant.\u00a0<\/span><\/em><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Frequently_Asked_Questions_FAQs\"><\/span>Frequently Asked Questions (FAQs)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><b>1. What is a new RBI guideline on tokenisation?<\/b><\/h3>\n<p>The RBI has mandated that payment aggregators, wallets, and online merchants (entities involved in the card transaction\/payment chain other than card issuers or networks) must not store any sensitive card-related customer information, including full card details. Instead, card numbers must be replaced with &#8216;tokens&#8217;. This directive, effective from 1st October 2022, will not hinder your credit card experience but will enhance the security of your credit card transactions.<\/p>\n<h3><b>2. What is the process of tokenisation?<\/b><\/h3>\n<p>Tokenization is a process in which sensitive data, such as a credit or debit card number, is replaced with a unique identifier known as a token. This token is a random string of characters that has no meaningful value on its own and cannot be reverse-engineered to obtain the original card details.<\/p>\n<p>The process involves:<\/p>\n<ol>\n<li><strong>Initiation<\/strong>: A transaction is initiated using the card details.<\/li>\n<li><strong>Request<\/strong>: The card details are sent to the tokenization system.<\/li>\n<li><strong>Generation<\/strong>: The system generates a token corresponding to the card details.<\/li>\n<li><strong>Storage<\/strong>: The token is stored securely and linked to the original card details in a token vault.<\/li>\n<li><strong>Usage<\/strong>: The token can then be used in place of the actual card number for transactions, providing security against data breaches as the actual card details are not exposed.<\/li>\n<\/ol>\n<h3><b>3. What is the last date of card tokenisation by RBI?<\/b><\/h3>\n<p>As per the Reserve Bank of India&#8217;s guidelines, the deadline for card tokenization was extended to September 30, 2022. This extension was provided to ensure that all stakeholders had adequate time to comply with the new regulations and to ensure a seamless transition to the tokenization system.<\/p>\n<h3><b>4. Is card tokenization mandatory in India?<\/b><\/h3>\n<p>Yes, card tokenization is mandatory in India. The Reserve Bank of India (RBI) has made it mandatory for merchants to use tokenization services for card transactions. This move is aimed at enhancing the security of online transactions by ensuring that actual card details are not stored by merchants, thereby reducing the risk of data breaches and fraud.<\/p>\n<h3><b>5. How do I check my debit card tokenization?<\/b><\/h3>\n<p>To check the tokenization status of your debit card, you can follow these steps:<\/p>\n<ol>\n<li><strong>Bank&#8217;s Mobile App or Website<\/strong>: Log in to your bank\u2019s mobile app or website.<\/li>\n<li><strong>Navigate to Card Services<\/strong>: Find the section related to card services or security settings.<\/li>\n<li><strong>Check Tokenization Status<\/strong>: Look for an option that shows the status of card tokenization. This might be under a section like &#8220;Manage Tokens&#8221; or &#8220;Tokenization Status.&#8221;<\/li>\n<li><strong>Contact Customer Support<\/strong>: If you cannot find the information online, contact your bank\u2019s customer support for assistance.<\/li>\n<\/ol>\n<h3><b>6. What is the difference between credit card tokenization and encryption?<\/b><\/h3>\n<table>\n<tbody>\n<tr>\n<td style=\"text-align: center;\"><strong>Key Differences<\/strong><\/td>\n<td style=\"text-align: center;\"><strong>Tokenization<\/strong><\/td>\n<td style=\"text-align: center;\"><strong>Encryption<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Functionality<\/strong><\/td>\n<td>Replaces data with a token<\/td>\n<td>Scrambles data<\/td>\n<\/tr>\n<tr>\n<td><strong>Reversibility<\/strong><\/td>\n<td>Cannot be reversed without the token vault<\/td>\n<td>Can be decrypted with the correct key<\/td>\n<\/tr>\n<tr>\n<td><strong>Use Cases<\/strong><\/td>\n<td>Used for <a href=\"https:\/\/razorpay.com\/blog\/what-is-payment-processing\/\">payment processing<\/a><\/td>\n<td>Used for broader data protection<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Get all answers to questions around tokenisation, and how Razorpay TokenHQ can ensure a seamless checkout experience for your customers.  <\/p>\n","protected":false},"author":86,"featured_media":16463,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[26],"tags":[237,248,183,240,238],"class_list":{"0":"post-6895","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-payments","8":"tag-card-on-file-tokenisation","9":"tag-checkout","10":"tag-razorpay","11":"tag-razorpay-tokenhq","12":"tag-tokenisation"},"_links":{"self":[{"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/posts\/6895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/users\/86"}],"replies":[{"embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/comments?post=6895"}],"version-history":[{"count":12,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/posts\/6895\/revisions"}],"predecessor-version":[{"id":21563,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/posts\/6895\/revisions\/21563"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/media\/16463"}],"wp:attachment":[{"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/media?parent=6895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/categories?post=6895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/razorpay.com\/blog\/wp-json\/wp\/v2\/tags?post=6895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}