Tokenisation: Will It Make Your Online Card Transactions Secure?

05 Aug 2022

Back to all Articles


Thanks to digitalisation, the number of online transactions is higher than ever. You can use a host of payment methods to make online payments - credit card and debit card payments being one of them. The cards allow you to make quick payments at stores as well as online. At the time of online checkout, all you need to do is enter your debit or credit card details and verify the transaction through OTPs. Some mobile shopping apps also let you save your card details. However, this will not be possible after 30th September 2022. The Reserve Bank of India (RBI) has rolled out multiple notices about tokenisation. It is a security measure aimed toward maximising prevention against online payment fraud. Read on to know more about tokenisation of card transactions and find out whether it can make your online card transactions safer.

What Is Tokenisation Of Debit & Credit Cards?

Tokenisation is a security procedure wherein your existing card details get substituted with a unique code. This unique code is referred to as a token. The token is a random combination of characters that has no true meaning and value.

In pre-tokenisation scenario, while making an online card payment, your card details get added to the merchant’s database. If the merchant falls victim to cybercrime, the criminal can get access to your card details and, in turn, bank accounts associated with your debit card or credit card.

With tokenisation, what transmits between you and the merchant is a token. In an unfortunate event, the cybercriminals can only get a random token which would be difficult to track back to your Primary Account Number (PAN) / Card number.

How Will Card Tokenisation Work?

With a non-tokenised card transaction, your merchant’s acquiring bank transmits your card details to your card issuing company. Your card issuer authenticates the transaction, and the merchant receives the payment. However, with tokenisation, you need to get your cards tokenised with your online merchants first. Here’s the behind-the-scenes of a tokenised transaction:

  • You use your tokenised credit card to pay your online merchant.
  • After you make the payment, the merchant receives a unique token.
  • The merchant transmits the token to your card issuing company.
  • Your card issuer matches the token with your card details.
  • Upon successful authentication, the card issuer prompts the merchant’s acquiring bank to debit the payment from your account.

Here, the merchant has no information about your credit card.

Is Tokenisation Of Cards Mandatory For Cardholders?

Per the RBI guidelines, tokenisation is voluntary. In case customer opts to save his card on the merchant application, the card would be tokenised in-coordination with card networks and issuer bank and token would be saved by the merchant. Your bank or credit card issuer cannot force you to tokenise your debit card or credit card. It is completely free and requires explicit customer consent.

RBI states that after the tokenisation deadline, merchants cannot store the card details of their customers; thus, customers cannot save their cards with shopping apps on their mobile and tablet devices. You must manually enter the card detail every time you shop online.

For instance, let’s say you use a grocery shopping app to buy groceries every day. Before RBI’s tokenisation notice, you could save the card on your grocery shopping app. During checkout, all you had to do was confirm the OTP. The tokenisation deadline is over, and you choose not to tokenise the card. Now, you must keep entering your card details every day when you shop. 

Although tokenisation of cards is not mandatory, the RBI urges cardholders to tokenise their debit and credit cards. You can always detokenise your cards at will.

How Do I Tokenise My Card?

Tokenising your cards is a hassle-free process. Follow these steps for debit and credit card tokenisation.

  • Open a shopping app on your mobile phone or tablet.
  • Go to the page where you can view your payment details.
  • You will see a notification pop up on the screen indicating to save or verify your card before the RBI deadline.
  • Enter the Card details.
  • Enter your CVV. 
  • Enter the OTP you receive on the mobile number registered with the card.

That’s it. Your card is tokenised. The token remains with the merchant, Issuer bank/ card networks; you cannot see it. You can save multiple cards under one application. Also, you can only view the last four digits of the saved card as a security measure. Merchants may access the last four digits and your name strictly for tracking and accounting purposes. You can repeat the above steps on a number of apps such as food delivery, apparel shopping, grocery shopping, etc.

What Are The Key Challenges With Tokenisation?

While RBI has observed considerable progress with tokenisation, several concerns have come to light:

• Guest checkouts:

Stakeholders, i.e., the merchant, the merchant’s acquiring bank, and card payment networks, are yet to devise a guest-checkout mechanism that is in line with the new RBI guidelines.

• Systems for post-transaction activities:

Once a transaction is complete, the merchant needs to track and reconcile the transaction. Alternate systems for the same are still not ready for the new process.

• Systems for recurring payments:

Stakeholders are also concerned about how tokenisation will come into play in the case of mandated recurring payments like Equated Monthly Instalments (EMIs) on credit card and debit card shopping.

• Deleting customer data:

After the tokenisation deadline, merchants cannot save customers’ card data. All existing data must be deleted as well. Merchants and payment aggregators have had to request the RBI to extend the deadline multiple times.

• Token processing solutions:

Albeit the token generation is progressing, the token processing solutions are still at an early testing stage.

• Bank compliance:

Several banks are yet to integrate payment hubs. Until they do, customers may face issues while making online payments.

Why Is Tokenised Card Transaction Considered To Be Safer?

The objective of tokenisation is to prevent the online transmission of your debit card and credit card details. Your card number is swapped with a token that has no value. Cybercriminals are always on the lookout to exploit online systems. If they get hold of the token, they cannot decipher it as the token is meaningless. 

After you tokenise your cards, even you cannot view your entire card number. You can only view the last four digits, and the rest would be masked. Hence, experts believe tokenisation adds an enhanced level of security that would be difficult to exploit.

What Is The Card Tokenisation Deadline?

Due to concerns raised by various stakeholders on the card ecosystem, the RBI has postponed the deadline several times. As per the latest notification published on 24th June 2022, customers should tokenise their cards on or before 30th September 2022, and merchants should purge all customer data. From 1st October 2022, the customers who has stored their cards need to re-enter the card details for tokenisation purpose.

Tokenise Your Bank of Baroda Credit and Debit Cards

Bank of Baroda offers a plethora of Debit Cards and Credit Cards, each suited for different needs. You enjoy discounts and cashbacks across several brands. To continue enjoying a hassle-free checkout process, make sure you tokenise your BOB Debit Cards and Credit Cards before 30th September 2022. If you need help, get in touch with your relationship manager or call our toll-free number 1800 258 44 55 / 1800 102 44 55.

Popular Articles

Tag Clouds

Related Articles

Leave a Comment

Thanks for submitting your details.

New Credit Card Rules Effective from July 1, 2022

On 21st April 2022, the Reserve Bank of India (RBI) released a notification named ‘Master Direction – Credit Card and Debit Card – Issuance and Conduct Directions, 2022. The notification includes new rules and regulations pertaining to the issuance of unsolicited facilities, credit card closures, new credit card issuance, etc. The new rules apply to all Scheduled Banks (except Payment Banks, State Co-operative Banks and District Central Co-operative Banks) and all Non-Banking Financial Companies (NBFCs) in India. If you are a credit cardholder or plan to apply for a new credit card, here are the new credit cards rules effective from 1st July 2022.

5 Key Changes in PPF Account Rules That You Must Know

Saving for retirement is incredibly important. The Government of India offers several schemes geared toward the same. Most of these schemes also come with tax deduction benefits. One such popular scheme that allows you to create a lumpsum retirement corpus is the Public Provident Fund or PPF. The GOI has introduced some changes to this incredibly popular scheme in recent years. Let us understand what PPF is along with the new PPF rules.

Add this website to home screen

Are you Bank of Baroda Customer?

This is to inform you that by clicking on continue, you will be leaving our website and entering the website/Microsite operated by Insurance tie up partner. This link is provided on our Bank’s website for customer convenience and Bank of Baroda does not own or control of this website, and is not responsible for its contents. The Website/Microsite is fully owned & Maintained by Insurance tie up partner.


The use of any of the Insurance’s tie up partners website is subject to the terms of use and other terms and guidelines, if any, contained within tie up partners website.


Proceed to the website


Thank you for visiting www.bankofbaroda.in

X
We use cookies (and similar tools) to enhance your experience on our website. To learn more on our cookie policy, Privacy Policy and Terms & Conditions please click here. By continuing to browse this website, you consent to our use of cookies and agree to the Privacy Policy and Terms & Conditions.