The country's central bank The Reserve Bank of India (RBI) is preparing to implement the card tokenization system from October 1, 2022. Once implemented, merchants, payment aggregators, and payment gateways will not be able to retain your debit/credit card details. You will have to provide the card details every time for online transactions. This will protect your card details. It will also help in preventing online banking fraud. If you want to avoid the hassle of entering the card information again and again, you can convert your card into a token.
However, tokenization has not been made mandatory. Whenever you make a purchase from any e-commerce app or website, you are asked for debit/credit card details. With this, you do not have to provide this information every time for future transactions. However, this facility becomes a risk at times when your card details are stolen. Tokenization is a process in which the 16-digit number on your card is replaced with an optionally-encrypted code. This is called a token. The token associated with your card will vary from merchant to merchant. It can be used for online transaction POL transactions or in-app transaction POL.
The merchant or its Payment Aggregator (PA) participating in transaction settlement may keep CoF data for a maximum of T+4 days (where "T" denotes the transaction date) or until the settlement date, whichever comes first.