As per RBI mandate, starting October 01, 2022, sensitive customer information like complete card number, CVV & Expiry date or any other sensitive information related to cards cannot be stored by merchants for processing online transactions. The merchants will have to remove all details stored, by June 30, 2022.
They will be allowed to store the customer’s card details only through tokenization post taking an AFA (Additional factor authentication, eg: OTP) from the customer. This means that as per the new guidelines, you can now safely secure your card details using tokenisation while you shop with the online merchants.
Tokenisation is a backend process of replacing Credit/ Debit/ Prepaid Card details with a unique set of characters or a 'token'. This will secure payments and enable future transactions without exposing any sensitive card details.
To view and delete tokenized cards, click here
If you don’t tokenise your card, every time you shop on an online website/ app, you will have to enter all the card details (card number, expiry date, CVV) to make the payment.
No. Merchant will not store your actual card details. A token corresponding to your card will be stored.
Only your card networks (VISA, MasterCard, Rupay, Amex, etc.) and your card issuer (Kotak Mahindra Bank) will have access to your card details from these tokens.
Multiple tokens are issued for the same card on different online platforms, making it difficult to trace back the token to the card details. In case, any merchant’s data is hacked, the token details alone cannot be used for any fraudulent transactions. Thus completely securing your card.
You will see the last 4 digits of their card number on the merchant page.
For performing any transaction, you can use any of the cards registered with the token requestor/ merchant.
You will have to visit the merchant page and create a fresh token with the new card credentials.
Yes. All Debit, Credit & Prepaid Cards will have to be tokenized for online transactions starting October 01, 2022.
No. Tokenisation is applicable only for domestic transactions.
No. tokenisation is only required for online transactions.
No. There are no additional charges for tokenizing the card.