From Jan 1 2022, Indian online merchants cannot store credit card information #Tokenization


  • Card data shall only be stored by the card issuers and / or card networks starting January 1, 2022. Any data previously stored will be deleted.
  • The last four digits of the card number and the card issuer’s name may be stored by entities for transaction tracking and / or reconciliation purposes, in accordance with the applicable standards.

RBI: Following a review of the tokenisation framework and to enable cardholders to take advantage of the increased security of tokenised card transactions as well as the convenience of Cof, the following enhancements have been made –

  1. CoF Tokenisation (CoFT) should be added to the device-based tokenisation framework referred to at paragraph 1 above.
  2. The card issuer can offer card tokenization services as a Token Service Provider (TSP).
  3. Tokenisation will only be offered by TSPs for cards issued by/affiliated with them.
  4. Tokenizing and detokenizing card data shall be done by the same TSP.


Post a Comment (0)
Previous Post Next Post