Tokenization paving the way for secure digital payments

The ever-evolving digital space has changed the way we transact completely. It has brought the ideas of efficient, quick and contactless payments to the forefront of the ecosystem. This space however comes with its potential risks for both consumers and businesses, like data breaches, security concerns, and hackers. With digitization came a need to initiate certain controls to make payments more secure. This is where RBI’s most recent step toward a safe digital payment system; tokenization swoops in to save the day.

What is Tokenization?

What is a token?

Tokenization calls for all online merchants to replace the currently saved card details of consumers with a unique code called the token, which customers can use at the time of purchase. RBI has issued a deadline of 30th September 2022 for all merchants to comply by erasing their database of saved card details and offering the tokenisation option to consumers. While mandatory for merchants, consumers are given the choice to tokenize or opt to manually enter card details each time they transact.

What is the purpose of tokenization?

Safety and security of sensitive card details and online transactions are one of the core purposes. Tokens provide an added layer of safety as they hold no direct relation with the original card number and are randomized codes which cannot be reversed.

Let’s take an example…Currently, while shopping online, you are required to key in your 16-digit credit or debit card details along with your 3-4-digit card verification value (CVV). This data is stored on the merchant website with the permission of the cardholder, and every time you shop you simply feed your CVV and OTP linked to your mobile number. However, saving card-sensitive data on merchant portals creates a potential risk of a data breach.

Tokenization protects the consumer as a merchant would be required to issue a token against your card details — the 16-digit card number — via the card issuers. This token could then be used only on this merchant’s portal and nowhere else.

What are the benefits of tokenization?

This transition brings with it a seamless and secure online transaction experience. Tokenization reduces the need for data control and significantly combats the risk of data exposure, as tokens hold no value and are simply codes used to mask card details. Although this will not prevent people from hacking, it prevents the leakage of consumer sensitive data.

Another key benefit lies in the simplicity of transacting, for both consumers and businesses. Customers can now make payments using tokens in a single-click transaction, and merchants’ compliance with PCI-DSS and other regulations is hassle-free. It also sets the base for long-term and trusting relationships with customers, driving sales for the merchant.

Furthermore, it drives innovation and efficiency in the payment space, by increasing the ease with which customers can make recurring transactions online like in subscription or high-frequency payments.

What is de-tokenization?

De-tokenization is simply the reversal of the unique token back to the original card details, which can only be obtained from the original tokenizing system. It however depends on whether it’s a low or high-value token. The low-value tokens are one-time generated tokens used for a single purchase whereas high-value tokens are recurring in nature.

Who issues these tokens and when?

Tokens are only issued when a consumer raises a request with the merchant. Following this, it is forwarded to the card networks who then on taking consent from the card issuer create a token. This token now replaces the already saved card details on the merchant portal for the customer to use and completes a single-click transaction.

What challenges will the industry face?

With this convenience of a solution come a few challenges which businesses will have to face. As a consumer, if one is not given the choice, and is required to manually enter details each time they transact, they are likely to migrate to other platforms to purchase, hence non-compliance by merchants will have a major impact. This could also increase the rates of incomplete purchases and cart abandonment which will directly affect the revenue of the business. While enabling security this transition will hamper certain aspects like EMI Processing, refunds and loyalty rewards that merchants offer.


As the digital payment ecosystem continues to combat cyberattacks, tokenization has emerged as a practical solution. The decision by the RBI to sweep out old card data and replace it with unique tokens is a pioneering step in payment security.