Skip to main content

What is tokenisation of card transactions?

Reserve Bank of India (RBI) has issued guidelines on tokenisation of card transactions. 

What is tokenisation?

Tokenisation refers to replacement of actual card details with an alternate code called the “token”, which shall be unique for a combination of card, token requestor and device.

What is de-tokenisation?

Conversion of the token back to actual card details is known as de-tokenisation.

What is the benefit of tokenisation?

As the actual card details are not shared with the merchant during a transaction, it is expected to make card transactions more safe, secure and convenient for the users. 

Which devices or use cases are covered for tokenisation?

Authorised card payment networks are allowed to offer card tokenisation services to any token requestor (i.e., third party app provider), through mobile phones, tablets, laptops, desktops, wearables (wrist watches, bands, etc.), Internet of Things (IoT) devices, etc. for all use cases / channels (e.g., contactless card transactions, payments through QR codes, apps etc.)

What are the conditions for offering tokenisation facility?

  • Registration of card on token requestor’s app shall be done only with explicit customer consent through Additional Factor of Authentication (AFA). It shall not be mandatory for the customers to tokenise their cards.
  • Customers shall have option to register / de-register their card for a particular use case, i.e., contactless, QR code based, in-app payments, etc.
  • Customers shall be given option to set and modify per transaction and daily transaction limits for tokenised card transactions.
  • A customer shall have option to request for tokenisation of any number of cards. For performing any transaction, the customer shall be free to use any of the cards registered with the token requestor app.
  • Customers shall be given option to tokenise their cards on any number of devices.
  • No charges should be recovered from the customer for availing tokenisation service.
  • All extant instructions of Reserve Bank of India (RBI) on safety and security of card transactions, including the mandate for Additional Factor of Authentication (AFA) / PIN entry shall be applicable for tokenised card transactions as well.
  • Before providing card tokenisation services, authorised card payment networks shall put in place a mechanism for periodic system audit at frequent intervals, of all entities involved in providing card tokenisation services to customers. This system audit shall be undertaken by empanelled auditors of Indian Computer Emergency Response Team (CERT-In).

What is the deadline for tokenisation of cards?

  • With effect from October 01, 2022, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store the actual card data. Any such data stored previously shall be purged.
  • For transaction tracking and / or reconciliation purposes, entities can store limited data – last four digits of actual card number and card issuer’s name – in compliance with the applicable standards.

How to get card tokenised?

The card holder can get the card tokenised by initiating a request on the app provided by the token requestor. The token requestor will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device.

(Updated on January 06, 2024)

The tokenisation facility will also be offered directly through card issuing banks / institutions enabling cardholders to tokenise their cards for multiple merchant sites through a single process. 

  • Generation of CoF Tokens for a card, through the card issuer, can be enabled through mobile banking and internet banking channels.
  • CoFT generation shall be done only on explicit customer consent, and with AFA validation. If the cardholder selects multiple merchants for which to tokenise his / her card, AFA validation may be combined for all these merchants.
  • The tokens thus generated shall be made available on the merchant’s payment page, in the cardholder’s account with the merchant.
  • The cardholder may tokenise the card either on receipt of the new card or later.
  • The card issuer shall provide a complete list of merchants for whom it can provide tokenisation services and the cardholder can make his selection from the list.
  • The card token may be so issued either by the card network or the issuer or both.

Whom to approach in case of issues with tokenisation?

In case of any issues with regard to the tokenisation or loss of device, it shall be reported to / raised with the card issuer.


References

Reserve Bank of India. (2019, January 08). 'Tokenisation – Card transactions. Retrieved from https://rbi.org.in/Scripts/NotificationUser.aspx?Id=11449&Mode=0

Reserve Bank of India. (2021, August 25). 'Tokenisation – Card Transactions : Extending the Scope of Permitted Devices'. Retrieved from https://rbi.org.in/Scripts/NotificationUser.aspx?Id=12152&Mode=0

Reserve Bank of India. (2021, September 07). 'Tokenisation – Card Transactions: Permitting Card-on-File Tokenisation (CoFT) Services'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12159&Mode=0

Reserve Bank of India. (2022, September 26). 'FAQ-Device based Tokenisation – Card Transactions'. Retrieved from https://rbi.org.in/Scripts/FAQView.aspx?Id=129

Reserve Bank of India. (2022, July 28). 'Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12363&Mode=0

Reserve Bank of India. (2023, December 20). 'Card-on-File Tokenisation (CoFT) – Enabling Tokenisation through Card Issuing Banks'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12573&Mode=0


Follow at - Telegram   Instagram   LinkedIn   Twitter

Labels:

Comments

Post a Comment

Popular Posts

Credit Facilities – Lending against Gold and Silver Collateral

Reserve Bank of India (RBI) has issued directions on credit facilities offered by various regulated entities. This article summarises the directions applicable to lending against gold and silver collateral. To whom are the directions applicable? The directions are applicable to the following Regulated Entities (REs) – Commercial Banks  Small Finance Banks (SFBs) Local Area Banks (LABs) Regional Rural Banks (RRBs) Primary (Urban) Co-operative Banks (UCBs) Rural Co-operative Banks – State Co-operative Banks (StCBs) Central Co-operative Banks (CCBs) Non-Banking Financial Companies (NBFCs) for all layers – Deposit taking NBFC (NBFC-D) NBFC-Investment and Credit Companies (NBFC-ICC) NBFC-Factor  NBFC-Micro Finance Institutions (NBFC-MFI)  NBFC-Infrastructure Finance Company (NBFC-IFC)  Infrastructure Debt Fund-NBFC (IDF-NBFC)  Housing Finance Company (HFC)  To whom are the directions partially applicable? The prudential regulations are not applicable to ‘NBFCs-B...
Post a Comment
Read more

Credit Facilities – Digital Lending Guidelines

Reserve Bank of India (RBI) has issued directions on credit facilities offered by various regulated entities. This article summarises the directions applicable to digital lending. To whom are the directions applicable? The directions are applicable to the following Regulated Entities (REs) – Commercial Banks  Small Finance Banks (SFBs) Local Area Banks (LABs) Regional Rural Banks (RRBs) Primary (Urban) Co-operative Banks (UCBs) Rural Co-operative Banks – State Co-operative Banks (StCBs) Central Co-operative Banks (CCBs) All India Financial Institutions (AIFIs) regulated by RBI – Export Import Bank of India (EXIM Bank) National Bank for Agriculture and Rural Development (NABARD) National Housing Bank (NHB) Small Industries Development Bank of India (SIDBI) National Bank for Financing Infrastructure and Development (NaBFID) Non-Banking Financial Companies (NBFCs) for all layers – Deposit taking NBFC (NBFC-D) NBFC-Investment and Credit Companies (NBFC-ICC) NBFC-Factor  NBFC-Micro...
Post a Comment
Read more

Guidelines on Money Changing Activities (Updated as on May 06, 2026)

Reserve Bank of India (RBI) has updated the guidelines on money changing activities. What are the guidelines for appointment of agents / franchisee? RBI had permitted Authorised Dealers (ADs) Category - I, ADs Category - II and Full Fledged Money Changers (FFMCs) to enter into agency or franchisee agreements at their option for the purpose of carrying restricted money changing business i.e. conversion of foreign currency notes, coins or travellers' cheques into Indian Rupees (INR).  A franchisee can be any entity which has a place of business and a minimum Net Owned Funds of ₹10 lakh.  Franchisees can undertake only restricted money changing business. Franchisees of AD Category - I / AD Category - II / FFMCs functioning within 10 kms from the borders of Pakistan and Bangladesh may also sell the currency of the bordering country, with the prior approval of RBI.  Other franchisees of AD Category - I / AD Category - II / FFMCs cannot sell foreign currency. An authorised pers...
Post a Comment
Read more

Credit Facilities – Finance to Non-Banking Financial Companies (NBFCs)

Reserve Bank of India (RBI) has issued directions on credit facilities offered by various regulated entities. This article summarises the directions applicable in respect of finance to Non-Banking Financial Companies (NBFCs). To whom are the directions applicable? The directions are applicable to the following Regulated Entities (REs) – Commercial Banks  Small Finance Banks (SFBs) Primary (Urban) Co-operative Banks (UCBs) All India Financial Institutions (AIFIs) regulated by RBI – Export Import Bank of India (EXIM Bank) National Bank for Agriculture and Rural Development (NABARD) National Housing Bank (NHB) Small Industries Development Bank of India (SIDBI) National Bank for Financing Infrastructure and Development (NaBFID) What are the conditions on finance to NBFCs? Commercial Banks and SFBs The bank shall extend need based working capital facilities as well as term loans to NBFCs registered with the RBI and engaged in infrastructure financing, equipment leasing, hire-purchase, l...
Post a Comment
Read more

Highlights of RBI Annual Report 2025-26 – Chapter 1 to 3

Reserve Bank of India (RBI) has published its annual report for the financial year 2025-26. In a series of articles, we will go through the highlights of the report. This is the first article in the series.  Legal framework for publication of Annual Report by the RBI Report of the Central Board of Directors on the working of RBI for the year is submitted to the Central Government in terms of Section 53(2) of the RBI Act, 1934. The letter of transmittal is signed by the RBI Governor and addressed to the Finance Secretary, Ministry of Finance, Government of India. Documents submitted by the RBI to the Central Government In pursuance of Section 53(2) of the RBI Act, 1934, the following documents have been submitted to the Central Government – A copy of the Annual Accounts for the year ended March 31, 2026 certified by the RBI’s Auditors and signed by Chief General Manager-in-charge, all the Deputy Governors and Governor. 2 copies of the Annual Report of the Central Board on the workin...
Post a Comment
Read more