How To Make Safer Online Credit & Debit Card Payments While Shopping | Using Tokenization

Every time you buy things from an ecommerce website or book a train or flight tickets, you had to save your debit or credit card details for ease and future transactions. Remember to see that option on your screen every time you are on the checkout page. You would enter the card details, the three-digit CVV number, and check out of the payment transaction within a matter of seconds. But you know what? Saving card details in the current form is risky.


There have been instances of popular websites getting hacked by process and harvesting the saved card data. So to make online payments using your credit and debit cards safer, in India the RBI has directed payment aggregators, wallets, and online merchants not to store any sensitive card-related customer information, including the full card details. The 16-digit card numbers will get replaced with the tokens starting the 1 October 2022.

What is Tokenization? Or How can you tokenize your card?

Tokenization will replace a debit or credit card 16 digit number with a unique token that is specific to just your card and specific for just one merchant at a time.
The token masks the true details of your card, so in case there’s a data leak from the merchant website, the fraudsters will not be able to misuse your card or card details. Tokens can be used for online transactions, mobile point of sale transactions, or in-app transactions. A token contains no personal information which can be accessed, and it keeps changing, making it the most secure method to complete payments. Card users should either make a token before buying an item online and save that token on the particular website for future use or create a token and save it for future use at the time of payment. After your shopping is done, you do not need your card token when you present your card at a physical shop at the checkout counter.

Is tokenization mandatory?

The answer is no. Customers can choose whether to let their cards get tokenized on a merchant website or not. In that case, a customer will have to reenter the card details afresh for every transaction, including the 16 digit card number, expiry date, and CBD while purchasing anything online. Either way, your card details will not be stored on websites such as Flip Card, Amazon, Menstrual, and so on.

You can either choose to get your card tokenized and store the token, or enter your card details afresh every time you shop online. Ideally, you should opt for tokenization of cards only if that website is used regularly and you want to avoid the hassle of entering the card details each time. Let’s say you want to opt for it.

What’s the procedure to tokenize your debit or credit card with an online merchant?

While making a payment on a merchant website or an app, enter your card details and opt for tokenization.

Your merchant forwards it to the respective bank or card network, like Visa, Rupee, Mastercard, etc. A token will then get generated and sent back to your merchant, who saves it for you. Now, the next time you come back to the shop, just select the save token. At the checkout time, you will see the same MasterCard details and the last four digits of your card number. All you need to do is enter your CVV and complete the transaction tokenization.

Like I said, it’s not mandatory, but it makes it easier to shop repeatedly on any given website or an app.

Is there a service fee for tokenization?

No, it’s absolutely free of cost and can be availed by anyone. However, currently, tokenization is applicable only to domestic cards. This guideline does not cover any international cards. You can request tokenization on any number of cards, however, to perform a transaction.

Is a token on one merchant can be used for another?

The answer is no. Each merchant will have a unique token associated with every card saved. For instance, you have a credit card tokenized on Flipkart. Now, the same card will have a different token on Amazon.

Essentially, your card will end up having multiple tokens based on the number of merchants you tokenize your card with. And if you want to remove a token you saved on a merchant website, you can easily delete that token from the website or app and remove the card associated with the token from your payment preferences.

What will happen to a token once the card is replaced or renewed or reissued or even upgraded?

All you need to do is revisit the merchant page and create a fresh token. The process will be the same, which I explained to you. That’s because your new card, whether it’s a debit card or a credit card, it’ll come with a new number and CVV. Hope this gives you a better understanding of how tokenization of cards will work. Don’t forget to share before you leave the page.