As per RBI mandate starting 1^st October 2022, clear card number, CVV and Expiry date and any other sensitive information related to cards cannot be stored by merchants for processing online transactions.

Instead tokenised card details will be used in place of actual card details for future online purchases. Effective 1^st October 2022, clients can either choose to verify his card and do onetime tokenisation or enter full card number, CVV and expiry date every time to complete their online transactions.

To know more, please read below:

1. What is secure/tokenise my card?
   Secure/Tokenise my Card refers to replacement of actual or clear card number with an alternate code called the “Token” at online websites/app. Websites and apps offer option to customers to save their card details in order to make payment quick and easy. Effective 1st October 2022, merchants cannot save/store customers card numbers, CVV and Expiration date, and any other sensitive card information. It is as per the RBI rule to offer enhanced card security.
2. Where will these Tokens get used?
   Once created, the Tokenised card details will be used in place of an actual card number for future online transactions initiated or instructed by the card holder.
3. What is the benefit of tokenisation?
   A tokenised card transaction is considered safer as the actual card details are not shared / stored with the merchants to perform the transaction.
4. How can we secure/tokenise our SCB card?
   Step 1 – Visit the online application/website where you want to purchase grocery, pay bills or order food and initiate a transaction.
   Step 2 – In the check-out page, select Standard Chartered Bank Credit/Debit Card and provide CVV
   Step 3 – Tick mark the check box “Secure your Card” or “Save Card as per RBI guidelines”
   Step 4 – Enter the OTP received on your registered mobile number
   Step 5 – Congratulations!!! Your card details are now secured.
5. How does the process of registration for a tokenisation request work?
   The registration for a tokenisation request is done only with explicit client consent through Additional Factor of Authentication (AFA), and not by way of a forced / default / automatic selection of check box, radio button, etc.
6. Is the Tokenisation guideline applicable for both Credit and Debit cards?
   Yes. Starting 1^st Oct 2022 , both Debit and Credit cards have to be Tokenised
7. Is Tokenisation applicable for International Card on File transactions?
   No. Tokenisation is applicable only for Domestic transactions.
8. How can I manage my tokenised cards?
   Card holders can call up the Standard Chartered Bank client contact centre to manage their tokenised cards. Card holders can place request for delete, suspend, resume of tokens through the contact centre team.
9. Will tokenisation have any impact on the POS transactions that the card holder does at merchant outlets?
   No. Tokenisation is only required for carrying out the online transactions
10. What are the charges that the card holder needs to pay for availing this service?
    The client need not pay any charges for availing the service of Tokenising the card.
11. Who can perform tokenisation and de-tokenisation?
    Tokenisation and de-tokenisation can be performed only by the card issuing Bank or Visa / Mastercard who are referred as authorised card networks.
12. Are the client’s card details safe after tokenisation?
    Actual card data, token and other relevant details are stored in a secure encrypted mode by the card issuing Bank and / or authorised card networks. Token requestor / merchants cannot store full card number or any other card detail.
13. Is tokenisation of card mandatory for a client?
    No, a client can choose whether or not to let his / her card tokenised. If not Tokenised, starting 1st October 2022, the card holder must enter the full card number, CVV and Expiry date every time to complete their online transactions.
14. Is there any limit on the number of cards that a client can request for tokenisation?
    A client can request for tokenisation of any number of cards to perform a transaction.
15. Can the client select which card to be used in case he / she has more than one card tokenised?
    For performing any transaction, the client shall be free to use any of the cards registered with the token requestor / merchant.
16. Once tokenised, how will the client see the card details on the merchant page?
    The client will see the last 4 digits of the card on the merchant page
17. What will happen to the token once the client’s card gets replaced or renewed or reissued or upgraded?
    The client should again visit the merchant page and create a fresh token to be able to do online transactions. It will also be applicable for wallets like Samsung Pay where once card is replaced/renewed or reissued/upgraded, client needs to do re-provisioning for creating a token.
18. Will the card tokenisation need to be done at every merchant?
    Yes. A token must be unique to the card at a specific merchant. If the client intends to have save his/her card at different merchants, then tokens must be created at all the merchants.
19. If the card holder is having 3 different cards, then is the card holder expected to create 3 different tokens at the same merchant.
    Yes. As mentioned earlier, token must be unique for a combination of card and merchant.
20. Can a card issuer refuse tokenisation of a particular card?
    Based on risk perception, etc., card issuers may decide whether to allow cards issued by them to be registered by a token requestor / merchant.