I got a mail from free charge..
.
That email is somewhat misleading.
Freecharge is not adding any extra layer of security. It is whichever bank that issued the particular card, who will be adding this security feature.
Also, it is not a RBI guideline. It is a RBI mandate. All merchants have to comply to this mandate, and implement the new functionality before Dec 31, 2021.
Tokenization:
RBI has introduced a new feature called "Tokenization" of debit/credit cards.
According to this new feature, merchants can no longer store the card details (Card Number, Name, Expiry Date, CVV) of customers on their website/app (database).
All merchants must purge (delete) any existing card details of customers they have with them.
As per the new feature, a 'token' has to be created for every debit/card a customer wants to store on a merchant's website/app. This token will be unique for each merchant and each card. This token is what will be shared with the merchant. None of the card details will be shared with the merchant. For easier identification purposes, the customer will still be able to view the last 4 digits of their card number displayed on the merchant website/app.
This is something similar to UPI (which is for bank accounts), but for debit/credit cards.
In my opinion, this is a very good move by RBI.
Even in case if a website/app is hacked, the hacker won't get access to a user's Card Number, Name, Expiry Date or CVV.
Please read the complete details in the (Source) linked page below from HDFC bank. It is very informative.
Source: