The Rise of Card Tokenisation in India

January 31, 2025

Card tokenisation has rapidly transformed the digital payment landscape in India. As of December 2024, over 91 crore tokens have been issued, facilitating more than 320 crore transactions valued at nearly ₹11 lakh crore. This growth puts stress on the shift towards enhanced security in e-commerce, with 98 per cent of online transactions now processed without actual card data.

What is Tokenisation?

  • Tokenisation replaces sensitive card details with a unique identifier called a token.
  • This token serves as a substitute for the customer’s card information, allowing secure transactions.
  • Each token is unique to the device or merchant, ensuring that actual card data is never stored by merchants.

Evolution of Tokenisation in India

  • The Reserve Bank of India (RBI) first introduced device tokenisation in January 2019, followed by card-on-file tokenisation in September 2021.
  • These measures were implemented in response to rising data security concerns, particularly after breaches like those of MobiKwik and Juspay.

Cyber Security and Regulatory Measures

In October 2022, the RBI mandated that businesses stop storing customer card data. This policy shift aimed to enhance consumer protection and ensure that sensitive information was not exposed on third-party platforms. Tokenisation has become essential for securing digital payments, reducing the risk of data breaches.

How Tokenisation Works

The tokenisation process involves several steps:

  • Customer Input: A customer enters card information for a transaction.
  • Token Generation: The system generates a token that replaces the card number.
  • Secure Storage: The original card data is stored securely in a token vault.
  • Verification: During a transaction, the token is sent to the vault for verification against the original data.

Benefits of Tokenisation

Tokenisation offers numerous advantages, including:

  • Enhanced security by preventing exposure of actual card details.
  • Simplified compliance with Payment Card Industry Data Security Standards (PCI DSS).
  • Reduced costs associated with data breaches for merchants.
  • Compatibility with various payment technologies, including mobile wallets.

Tokenisation vs. Encryption

While both tokenisation and encryption are used for data security, they differ fundamentally. Encryption scrambles data and requires a decryption key, whereas tokenisation replaces sensitive data with non-sensitive tokens that cannot be reversed. Tokenisation is often seen as a more cost-effective solution for securing payment information.

«

Month: 

Category: 

Leave a Reply

Your email address will not be published. Required fields are marked *