top of page

RBI’s Tokenisation plans

With most financial transactions becoming online, the instances of cyber crimes are increasing. In order to control the security vulnerabilities, the Reserve Bank of India has mandated authorised card networks to issue tokens against card details from 1 July, 2022.

In the past few years, we have seen a lot of instances when the personal details of Indian credit cardholders were leaked on the dark web. To curb these leakages, the Reserve Bank Of India, from time to time has taken many steps like issuing more strict guidelines, changing the framework, so on and so forth, but still the problem does not seem to be receding. In 2020, RBI planned to take a big step to solve the problem, which is the announcement of tokenization of the bank cards' data.

Tokenization means replacing sensitive information with similar non-sensitive information. In the context of bank cards, it is the replacement of credit and debit card details with a code known as a token, that will be unique for a combination of cards. Let's understand how it works with a simple example.

In case of an online shopping transaction, all the details entered by the payer like his complete card number along with the card verification value are stored on the website for future convenience. But with the new tokenisation plans, the merchant would have to issue a token against the card details which could be used only on the merchant’s specific website.

The digital payments sector has been among the fastest growing sectors within the financial services domain with an expected coverage of nearly 70% of all payments by 2025. Credit and debit cards have been witnessing a good growth trajectory. However, this growth presents threats and vulnerabilities faced by less digitally savvy populations with COVID-19 also creating a hospitable environment for such incidents to increase. Thus, these regulations have been formulated for both- consumer protection, and seamless business continuity.

Expected impact of tokenization

According to some experts, online merchants may lose up to 20-40% of their revenues due to tokenisation norms and especially for the smaller ones, this would be an apocalypse causing them to shut shop. Scheduled recurring transactions and Equated monthly instalments that are paid through stored cards will also have to adhere to new rules. Now, with the latest extension, the RBI is expecting the system to be ready for smooth launch in the next six months.

Are the banks really prepared?

While RBI’s aim is to protect the consumer interest, the real challenge prevails in its implementation.

Banks say “they are captured with the matter” and merchants require some more time for unification. SBI, HDFC Bank and ICICI Bank are prepared for the new rules; meanwhile other stakeholders, mostly merchants, argue that their systems are not yet prepared for the new regime and need further time in putting new norms into effect.

Three steps for the smooth implementation of tokenization are :- token provisioning i.e conversion of customers’ card number into a token card, token processing which is the completion of transaction successfully through the tokens and scale-up for multiple use cases which means using the token for things like refunds, EMIs, recurring payments, offers, promotions by customers etc.


Gauri, Ananya, Ekamjot


Recent Posts

See All


bottom of page