Skip to main content

What is tokenisation of card transactions?

Reserve Bank of India (RBI) has issued guidelines on tokenisation of card transactions. 

What is tokenisation?

Tokenisation refers to replacement of actual card details with an alternate code called the “token”, which shall be unique for a combination of card, token requestor and device.

What is de-tokenisation?

Conversion of the token back to actual card details is known as de-tokenisation.

What is the benefit of tokenisation?

As the actual card details are not shared with the merchant during a transaction, it is expected to make card transactions more safe, secure and convenient for the users. 

Which devices or use cases are covered for tokenisation?

Authorised card payment networks are allowed to offer card tokenisation services to any token requestor (i.e., third party app provider), through mobile phones, tablets, laptops, desktops, wearables (wrist watches, bands, etc.), Internet of Things (IoT) devices, etc. for all use cases / channels (e.g., contactless card transactions, payments through QR codes, apps etc.)

What are the conditions for offering tokenisation facility?

  • Registration of card on token requestor’s app shall be done only with explicit customer consent through Additional Factor of Authentication (AFA). It shall not be mandatory for the customers to tokenise their cards.
  • Customers shall have option to register / de-register their card for a particular use case, i.e., contactless, QR code based, in-app payments, etc.
  • Customers shall be given option to set and modify per transaction and daily transaction limits for tokenised card transactions.
  • A customer shall have option to request for tokenisation of any number of cards. For performing any transaction, the customer shall be free to use any of the cards registered with the token requestor app.
  • Customers shall be given option to tokenise their cards on any number of devices.
  • No charges should be recovered from the customer for availing tokenisation service.
  • All extant instructions of Reserve Bank of India (RBI) on safety and security of card transactions, including the mandate for Additional Factor of Authentication (AFA) / PIN entry shall be applicable for tokenised card transactions as well.
  • Before providing card tokenisation services, authorised card payment networks shall put in place a mechanism for periodic system audit at frequent intervals, of all entities involved in providing card tokenisation services to customers. This system audit shall be undertaken by empanelled auditors of Indian Computer Emergency Response Team (CERT-In).

What is the deadline for tokenisation of cards?

  • With effect from October 01, 2022, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store the actual card data. Any such data stored previously shall be purged.
  • For transaction tracking and / or reconciliation purposes, entities can store limited data – last four digits of actual card number and card issuer’s name – in compliance with the applicable standards.

How to get card tokenised?

The card holder can get the card tokenised by initiating a request on the app provided by the token requestor. The token requestor will forward the request to the card network which, with the consent of the card issuer, will issue a token corresponding to the combination of the card, the token requestor, and the device.

(Updated on January 06, 2024)

The tokenisation facility will also be offered directly through card issuing banks / institutions enabling cardholders to tokenise their cards for multiple merchant sites through a single process. 

  • Generation of CoF Tokens for a card, through the card issuer, can be enabled through mobile banking and internet banking channels.
  • CoFT generation shall be done only on explicit customer consent, and with AFA validation. If the cardholder selects multiple merchants for which to tokenise his / her card, AFA validation may be combined for all these merchants.
  • The tokens thus generated shall be made available on the merchant’s payment page, in the cardholder’s account with the merchant.
  • The cardholder may tokenise the card either on receipt of the new card or later.
  • The card issuer shall provide a complete list of merchants for whom it can provide tokenisation services and the cardholder can make his selection from the list.
  • The card token may be so issued either by the card network or the issuer or both.

Whom to approach in case of issues with tokenisation?

In case of any issues with regard to the tokenisation or loss of device, it shall be reported to / raised with the card issuer.


References

Reserve Bank of India. (2019, January 08). 'Tokenisation – Card transactions. Retrieved from https://rbi.org.in/Scripts/NotificationUser.aspx?Id=11449&Mode=0

Reserve Bank of India. (2021, August 25). 'Tokenisation – Card Transactions : Extending the Scope of Permitted Devices'. Retrieved from https://rbi.org.in/Scripts/NotificationUser.aspx?Id=12152&Mode=0

Reserve Bank of India. (2021, September 07). 'Tokenisation – Card Transactions: Permitting Card-on-File Tokenisation (CoFT) Services'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12159&Mode=0

Reserve Bank of India. (2022, September 26). 'FAQ-Device based Tokenisation – Card Transactions'. Retrieved from https://rbi.org.in/Scripts/FAQView.aspx?Id=129

Reserve Bank of India. (2022, July 28). 'Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12363&Mode=0

Reserve Bank of India. (2023, December 20). 'Card-on-File Tokenisation (CoFT) – Enabling Tokenisation through Card Issuing Banks'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12573&Mode=0


Follow at - Telegram   Instagram   LinkedIn   Twitter

Labels:

Comments

Post a Comment

Popular Posts

National Strategy for Financial Inclusion (NSFI) 2025-30

Reserve Bank of India (RBI) has published National Strategy for Financial Inclusion (NSFI) 2025-30. Financial Inclusion The Committee on Financial Inclusion (Chairman: Dr C Rangarajan, RBI, 2008) defined financial inclusion as “the process of ensuring access to financial services, timely and adequate credit for vulnerable groups such as weaker sections and low-income groups at an affordable cost”. The Committee on Medium-Term Path to Financial Inclusion (Chairman: Shri Deepak Mohanty, RBI, 2015) viewed financial inclusion as, “convenient access to a basket of basic formal financial products and services that should include savings, remittance, credit, government-supported insurance and pension products to small and marginal farmers and low income households at reasonable cost with adequate protection progressively supplemented by social cash transfers, besides increasing the access of small and marginal enterprises to formal finance with a greater reliance on technology to cut costs an...
Post a Comment
Read more

RBI’s Monetary Policy (December 05, 2025): In A Nutshell

The bi-monthly monetary policy of Reserve Bank of India (RBI) was announced on December 05, 2025. Here are some of the highlights of the monetary policy announcement. Rates   Change Rate Policy repo rate Reduced by 25 bps 5.25% Standing deposit facility (SDF) rate 5.00% Marginal standing facility (MSF) rate 5.50% Bank rate 5.50% Monetary policy stance Monetary policy stance unchanged as ‘neutral’. Domestic Economy  Real Gross Domestic Product (GDP) growth accelerated to 8.2% in Q2, buoyed by strong spending during the festive season which was further facilitated by the rationalisation of the goods and services tax (GST) rates.  Real GDP growth for 2025-26 is projected at 7.3%. For the first time since the adoption of flexible inflation targeting (FIT), average headline inflation for a quarter at 1.7% in Q2, breached the lower tolerance threshold (2%) of the inflation target (4%). It dipped further to an all-time low of 0.3% in October 2025. The underlying inflation pressu...
Post a Comment
Read more

Export / Import of Currency and Possession / Retention of Foreign Currency

Reserve Bank of India (RBI) has updated the guidelines on export and import of currency. What are the guidelines on export and import of Indian currency? Transferor Transfer from Transfer to Nature of currency Maximum limit Person resident in India India Countries other than Nepal and Bhutan Currency notes of Government of India (GoI) and RBI notes ₹25000 per person Commemorative coins 2 coins Person resident in India gone out of India on temporary visit, on his return Countries other than Nepal and Bhutan India Currency notes of GoI and RBI notes ₹25000 per person Person resident outside India (not citizen of Pakistan / Bangladesh) visiting India India Any country Currency notes of GoI and RBI notes ₹25000 per person Any country India Person (not citizen of Pakist...
Post a Comment
Read more

Rupee Interest Rate Derivatives

Reserve Bank of India (RBI) has issued directions on rupee interest rate derivatives. What is Interest Rate Derivative (IRD)? Interest Rate Derivative (IRD) means a financial derivative contract whose value is derived from one or more Rupee interest rates, prices of Rupee interest rate instruments, or Rupee interest rate indices. To which transactions shall the directions be applicable? The directions shall be applicable to Rupee IRD transactions undertaken in the over-the-counter (OTC) market and on recognised stock exchanges in India. Forward Contracts in Government Securities shall be undertaken in the OTC market in terms of the Reserve Bank of India (Forward Contracts in Government Securities) Directions, 2025, dated February 21, 2025. Who are eligible participants in IRD markets? Resident Non-resident, through its central treasury or its group entity, where applicable.  What are the directions on trading of IRDs on recognised stock exchanges? A recognised stock exchange is per...
Post a Comment
Read more

What are Government Securities (G-Secs)?

Governments raise / borrow funds by issuing government securities to finance a variety of projects and activities. What is Government Security (G-Sec)? Government Security (G-Sec) is a tradeable instrument issued by the Central Government or the State Governments.  G-Secs carry practically no risk of default and, hence, are called risk-free gilt-edged instruments. What are the tenures of G-Secs? G-Secs can be short-term securities (with original maturities of less than 1 year) or long-term securities (with original maturity of 1 year or more).  In India, the Central Government issues both short-term and long-term securities while the State Governments issue only long-term securities. What are the types of G-Secs? Government security Term Issued by Treasury Bills (T-bills) Short-term Central Government Cash Management Bills (CMBs) Short-term Central Government Bonds or Dated G-Secs ...
Post a Comment
Read more