RBI guidelines on tokenisation

If you are a frequent online shopper, you may save your card details for quicker payments. According to the latest Reserve Bank of India (RBI) guidelines, merchants can no longer store customers' debit or credit card details on their apps, platforms, or websites without tokenisation. That means you must re-enter your card details each time you shop online if you have not completed the tokenisation process. Tokenisation is a security measure that replaces your card details with a unique token number. Here, you can find all the information regarding the RBI tokenisation guidelines.

When you make an online payment using a Debit Card or Credit Card, the merchant initiates the transaction by transmitting the transaction details and full card details to your card issuer (Bank or Credit Card company). After confirming your card details, the issuer approves and deducts the payment from your account. However, with tokenisation, the merchant initiates the transaction without knowing your full card details. Instead, a unique token linked to your card is transmitted to your card issuer; the card issuer checks if the token number matches your card details and approves the transaction.

Effective Date

According to the RBI notification, effective September 30, 2022, merchants are prohibited from storing customers' card information. Only card issuers are permitted to retain card details.

Authentication Requirement

Cardholders must complete an Additional Factor of Authentication (AFA), such as an OTP, even if transactions are tokenised. This ensures an added layer of security for each transaction.

Free Tokenisation

Card issuers are required to provide tokenisation services free of charge. This ensures customers do not incur additional costs for securing their card details.

Authorised Networks

The tokenisation of your card can be done only through authorised card networks, banks, or credit card companies. This ensures that only legitimate entities handle your card data.

Data Security

Your card data remains solely with your card issuer. Merchants do not have access to your complete card details. They can only view the last four digits of your card number and your name.

Optional Service

Tokenisation is an optional service. Merchants can tokenise customers' cards only with explicit consent obtained through AFA. This ensures that tokenisation occurs only when you agree.

Multiple Cards

You can tokenise multiple cards within one mobile application. Additionally, you can select which card to use for each transaction.

Transaction Limits

Card issuers can set limits on daily, weekly, or monthly tokenised transactions. This helps manage and control the use of tokenised cards.

Token Management

Card issuers will provide a portal for managing all your tokens in one place. You can choose to suspend tokens for specific merchants or all merchants if you suspect your account is compromised, your device is lost or stolen, or if fraudulent transactions occur.

Suspicious Activity

Card issuers have the authority to decline tokenisation requests if they detect suspicious activity. This adds an extra layer of security to prevent misuse.

Data Purging

As per the latest RBI circular, all existing card data saved with merchant apps must be purged by September 30, 2022. This ensures that outdated and potentially unsafe card data is removed.

By tokenising your cards, you can protect your card information from falling into the wrong hands. When you make a card transaction, what transmits is a unique token number instead of your card number. Only your bank or card-issuing company can store your data. Here's how to tokenise your HDFC Bank Debit or Credit Cards before the deadline.

• Step 1: Visit your favourite online application/website to purchase groceries, pay bills, order food, and initiate a transaction.
• Step 2: On the check-out page, select HDFC Bank Credit/Debit Card and provide CVV.
• Step 3: Tick mark the check box "Secure your Card" or "Save Card as per RBI guidelines"
• Step 4: Enter the OTP received on your registered mobile number
• Step 5: Congratulations!!! Your card details are now secured and safe with your Bank.
• Step 6: For subsequent payments, you can pay using your HDFC Bank Credit/Debit Card by choosing the token bearing the last four digits of your Credit/Debit Card.
   

Tokenise your HDFC Bank Credit Cards to enjoy faster check-outs and great offers across your favourite shopping apps and websites. Click here to apply now. Pre-approved customers can apply by clicking here.

Read more here about the advantages of tokenisation.

​​​​​​​*Terms and conditions apply. The information provided in this article is generic in nature and for informational purposes only. It is not a substitute for specific advice in your own circumstances. Credit Card approvals at the sole discretion of HDFC Bank Limited. Credit Card approvals are subject to documentation and verification per the Bank's requirement. Interest rates are subject to change. Please check with your RM or closest bank branch for current interest rates.