Tokens For Online Payments From January 1st: RBI Can Postpone Deadline, Find Out Why?
The RBI has mandated that from January 1, 2022, “no entity in the card transaction or payment chain, other than the card issuers and card networks, should store the actual card data.”
Instead, cardholders can use digital tokens to complete their online transactions.
HDFC Bank customers may find this familiar, since they have been receiving messages from the bank informing them that from Jan 1, their card details saved on merchant websites/apps will be deleted.
The message directs them to either enter full card details or opt for tokenisation for each payment.
The bank’s website explains tokenisation as a replacement of an actual or clear card number with an alternate code called the “Token”.
Each token is a unique combination of card, token requestor and the merchant.
The token requestor is the entity that accepts a request from the customer and passes it on to the card network to issue the token.
From Jan 1, both debit and credit cards have to be tokenised.
The token is required only for domestic online transactions, not for POS transactions at merchant outlets.
There is no charge for tokenising a card.
For cardholders, getting a token in lieu of entering full card details is voluntary.
For merchants, however, compliance is mandatory.
If You Don’t Want A Token
If one opts not to get a token, they will have to enter the full card number, CVV and expiry date every time to complete their online transactions.
The tokenisation request is completed only after the customer gives consent through an Additional Factor of Authentication (AFA).
They can also select the use case and set limits for its use.
One benefit of the concept is that it enhances security, since actual card details are neither shared with nor stored by merchants to perform the transaction.
It eliminates risks associated with data vulnerability since sensitive details remain with the customer while they carry out transactions.
Tokenisation does not affect the payment process or customer experience directly either, so customers can rest assured.
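The binding described above (one token per combination of card, token requestor and merchant, issued only after AFA consent and subject to a customer-set limit) can be modelled in a few lines. This is an added illustration, not code from the RBI, HDFC Bank or any card network; the class, method names, identifiers and the test card number are all constructed for the example.

```python
import secrets


class TokenVault:
    """Toy model of the issuer/network side (hypothetical class and method names)."""

    def __init__(self):
        self._by_token = {}    # token -> (pan, requestor, merchant, limit)
        self._by_binding = {}  # (pan, requestor, merchant) -> token

    def issue(self, pan, requestor_id, merchant_id, afa_verified, limit):
        if not afa_verified:  # consent through AFA is a precondition
            raise PermissionError("AFA consent required before tokenisation")
        binding = (pan, requestor_id, merchant_id)
        if binding in self._by_binding:  # one token per combination
            return self._by_binding[binding]
        token = pan
        while token == pan or token in self._by_token:
            # Random surrogate, not derived from the card number, so it cannot be reversed.
            token = "".join(secrets.choice("0123456789") for _ in range(16))
        self._by_token[token] = (pan, requestor_id, merchant_id, limit)
        self._by_binding[binding] = token
        return token

    def authorise(self, token, requestor_id, merchant_id, amount):
        rec = self._by_token.get(token)
        if rec is None:
            return False  # unknown token
        _pan, bound_requestor, bound_merchant, limit = rec
        if (bound_requestor, bound_merchant) != (requestor_id, merchant_id):
            return False  # token presented outside the combination it was issued for
        return amount <= limit


def demo():
    vault = TokenVault()
    pan = "4111111111111111"  # constructed test card number
    tok_a = vault.issue(pan, "tr-1", "shop-a", afa_verified=True, limit=5000)
    tok_b = vault.issue(pan, "tr-1", "shop-b", afa_verified=True, limit=5000)
    return {
        "distinct_per_merchant": tok_a != tok_b,
        "valid_use": vault.authorise(tok_a, "tr-1", "shop-a", 1200),
        "used_at_other_merchant": vault.authorise(tok_a, "tr-1", "shop-b", 1200),
        "over_limit": vault.authorise(tok_a, "tr-1", "shop-a", 9000),
    }
```

A token copied from one merchant's records is rejected when presented for any other merchant, which is why storing tokens instead of card numbers limits what a merchant-side data leak exposes.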
RBI To Delay Implementation?
The RBI will likely extend the deadline on new tokenisation rules for 3-4 months so that the system can better prepare to avoid massive disruption.
It also has to consider the discomfort expressed by various stakeholders in meeting the December 31 deadline.
The industry lobby of banks, Indian Banks Association (IBA), had reached out to the RBI requesting a deadline extension.
However, no final decision has been taken yet.
Reasons Behind Possible Extension
While the banks are confident of meeting the deadlines and are sufficiently prepared, the problem lies with other stakeholders, mainly small and mid-sized merchants, which require more time.
If the RBI decides against extending the deadline, disruptions in the ecosystem could last nine months to a year before every card is tokenised.