Tokenization is a process to mask the sensitive card information, such as the 16-digit card number, by converting it to a generated string of characters called token. This tokenization process makes the card information unusable in case of a data breach or exposure.
The latest regulation from Reserve Bank of India on credit card storage directs merchants to not store any card information. Alternatively, the token can be used for storage and processing of the card. The token ID is stored instead of the actual card information.
Frequently asked questions
Why do I need to provide consent?
Consent is needed for Microsoft to get the token generated and store it. Once consent is provided, the generated token ID is saved in a secure way and would be used for all future transactions.
What happens if I don’t provide consent?
You won't be able to add or use the card as a payment method if you don't consent for tokenization. The cards that were added previously without consent for tokenization will be removed by 1st October 2022.
Why is my transaction/card validation failing even with consent?
Your transaction or card validation might fail even if you granted consent because your bank doesn't support tokenization or they're having issues generating tokens and processing transactions.