What is Debit and Credit Card Tokenization and How Does it Work?

Debit and Credit Card Tokenization

Track Name


Ever wondered what if the online transactional process becomes safer? We would be indubitably saved from all sorts of security attacks and can be rest assured that our money is not getting snatched out of our hands. Let me tell you, there is a piece of good news for us. The introduction of credit card tokenization or debit card tokenization is here to make us feel more secure regarding online transactions. Now, the question is “what is card tokenization as mandated by RBI?” For that, in this article, we will be discussing everything about credit or debit card tokenization norms in India and understand how is it more secure than traditional methods.

So, without any delay let us get to our main article!

What is card-on-file (CoF)?

When a customer makes a purchase online through their credit or debit cards, they need to enter some basic card details which mostly include name, number, three-digit CVV, expiration date, etc. The information that is filled in is saved by the payment gateways, merchants, and payment aggregators and is known as card-on-file or CoF. Therefore, CoF is card details saved on file. This information or details is further used for carrying out future recurring transactions.

What is Credit and Debit Card Tokenization in Banking?

The card details that are entered by the customer are saved by the merchant through masking and other security procedures. There is always some risk associated with security measures that are taken.

Card tokenization is a method that is meant to make your transaction process safer. The card tokenization process involves receiving a token or a unique alternate code that replaces sensitive transactional data which is a randomly generated token from the company’s internal network. Things that the unique tokens will replace also include point-of-sale and in-app transactions.

It is unique for a combination of credit or debit cards, token requester, and the device being used.  Card tokenization is an initiative by the Reserve Bank of India which is the governing authority of all Indian banks.

How does the card tokenization method work?


  • For card tokenization, the user must request their cards to be tokenized to the token requester who then forwards the request to the card network
  • Subsequently, the card network issues the tokens to the card owner.
  • The issued token will correspond to the combination of the card, the requester, and the device. The last four digits of the card will be retained by the token to verify the card owner with their corresponding tokens.
  • In the case of an online transaction, the merchant will send a message to the payment gateway which will ask for a token, and after receiving it will be forwarded to the bank for the transactional process.
  • There are no charges for the customers using the card tokenization service.

When the Card Tokenisation Norms were implemented?


  • In September 2021, the RBI asked merchants to not store the card details on their servers from January 1, 2022, and suggested them card tokenization as an alternative mode of transactional procedure.
  • Some problems cropped up during the implementation of the card tokenization norms.
  • The industry players came out with guest checkout transaction problems. Several industry players and digital payment platforms were expecting disruption in online transactions from January 1, 2022. However, all stakeholders were eager to make this system work well.
  • The card tokenization norms were scheduled to be implemented on June 24 but the date was extended to September 30, 2022. After granting much relaxation in the implementation of these norms, the CoF tokenization started operating on October 1, 2022.
  • These extensions or relaxations were given for a comfortable switchover to card tokenization. Although enough progress was made in token creation and implementation, the concept needed to materialize across different categories of merchants. This is the reason why the deadlines kept extending.
  • Nearly 35 tokens were created and 40% of transactions valued at Rs 63 crore were carried out using card tokens.

Steps to Obtain a Credit or Debit Card Tokenization

The answers to “how to tokenise a credit card” and “how to tokenise a debit card” are generally the same. There are six basic steps to obtain a credit or debit card tokenization. These steps (originally tweeted by RBI) are as follows:

  1. The first step is to visit the e-commerce platform, website or application from where you will make the online purchase.
  2. While you are checking out, enter your credit or debit card details that were saved earlier. Apart from that, you need to enter some other details.
  3. Once you have entered the details, you need to select either “secure your card as per RBI guidelines” or “tokenise your card as per RBI guidelines” options as displayed.
  4. In the next step, you will receive an OTP in your phone number or email which is for verification purposes. Once you enter the OTP in the desired field, the transaction process is complete.
  5. Your token has been generated and saved without requiring you to share credit or debit card details.
  6. Finally, you are tokenised!


Who can offer card tokenization services?

Card tokenisation services can only be provided by the authorised card network. Moreover, the Primary Account Number (PAN) should only be recovered by the service provider.

Why credit and debit card tokenization?

The benefits of card tokenization are as follows:

  • Transaction process will become more simpler, seamless and much more effective.
  • Card tokenisation will make checkouts a speedy affair.
  • The transaction process is more secure in card tokenization. Fraud payments are minimized.
  • Customers can save a digital copy of the credit or debit card on the device without having the need to carry physical cards.
  • With the availability of card tokenisation in nearly every device, including mobile phones, tablets, laptops, desktops, wearables and IoT (Internet of Things) devices, it has become more handy.


How secure is card tokenisation?


  • There have been numerous incidents before where the security of transactions were compromised. The credit card details that were saved by the retailers were exposed to hackers who used the data to carry out thefts.
  • Card tokenization is like a boon for both merchants and users that will make the transactional process safer and sounder. It guarantees reliability which was missing in the traditional methods of saving card information.
  • In this method, you do not require to share the actual card details with the merchant. The card information, the token and other important details are kept safe with the authorised card networks.
  • It is mandated for the card network to have a certified token requester for security purposes that confirm to international best practices or globally accepted standards
  • The token requester is not allowed to store PAN or any other card credentials. There must be ample safeguards so that neither the token and the PAN cannot be discovered by anyone else.
  • The RBI stresses the fact that the integrity of the card tokenisation process must be maintained at all times.
  • Since the token is used for carrying out transactions, hacking attempts from the merchants end will be futile as the customer’s card information stays protected.


Final Thought!


Awareness about “what is card tokenisation” as mandated by RBI is about staying updated with the current changes in the online transactional process that will help us know the why behind such processes.

Merchants are slowly trying to adopt tokenized transactions. However, some of them are unwilling to comply. It is said that eventually all merchants will go the tokenisation way. We are yet to witness card tokenization being used in a significant proportion. It is generally believed that card tokenization will revolutionize credit card and debit card security.

Do you think that card tokenisation is an effective way to carry out safer transactions? Are you of the opinion that all category merchants will be gradually opting for card tokenisation tomorrow if not today? Share your thoughts in the comment section below.

Frequently Asked Questions

What is card tokenization RBI?

Card tokenization is the issuing of a token in place of a Card-on-File to carry out online transactions. The RBI mandated card tokenization to replace CoF by September 30, 2022.

When is the deadline for the tokenization of credit and debit cards?

The deadline for the tokenization of credit and debit cards was on September 30, 2022. The merchants cannot keep important customer card entries from October 1, 2022.

How will card tokenization benefit credit card holders?

Card tokenization will provide security to credit card holders. It will also make the transaction process seamless and there will be no need to carry physical cards.

How can I tokenize my credit and debit cards?

Once you enter your credit card details, select “secure your card as per RBI guidelines” or “tokenize your card as per RBI guidelines”. After entering the OTP, your token card will be generated and saved.

Leave a Reply !!

This site uses Akismet to reduce spam. Learn how your comment data is processed.