It also informed that it expects to purge the saved card data before the Reserve Bank of India (RBI) deadline of 30 June.
"Paytm is committed to safe and secure online payments, and in that direction, RBI's tokenisation effort is a key milestone for the industry. We recognised the need for tokenised cards and implemented the same on the Paytm app," said Vijay Shekhar Sharma, the company founder and CEO.
"The company has tokenised 28 million cards across Visa, Mastercard and RuPay in its effort to make online card transactions safe and secure for consumers. With this rapid pace, Paytm will be able to purge saved card data ahead of the RBI deadline," he added.
RBI deadline
The RBI has set a deadline of 30 June for companies to complete tokenisation.
In March 2020, the central regulator had issued guidelines for the regulation of payment aggregators and payment gateways, prohibiting payment aggregators and merchants to store customer card credentials within their database or server from 30 June 2021.
Later in March last year, RBI extended the deadline by six months to 31 December. Following requests from industry bodies and other stakeholders, the deadline was further extended by six months.
What is tokenisation?
Referred to as tokenization, the process involves the replacement of actual card details with an alternate code called the token, which will be unique for a combination of card, token requestor and identified device.
Instead of using actual card details, this token is used to perform card transactions in contactless mode at point of sale (POS) terminals and quick response(QR) code payments.
The RBI has permitted to offer tokenised card transaction services to all channels, such as near field communication (NFC), magnetic secure transmission (MST) based contactless transactions, in-app payments, QR code-based payments or token storage mechanisms, including cloud, secure element and trusted execution environment.
At present, tokenised card transaction facilities would be offered through mobile phones or tablets only and will be extended to other devices later based on experience.
The RBI has said before providing card tokenisation services, authorised card payment networks shall put in place a mechanism for periodic system audits, at least annually, of all entities involved in providing card tokenisation services to customers.
The central bank also asked card issuers to ensure easy access to customers for reporting a loss of 'identified device' or any other such event, which may expose tokens to unauthorised usage.
