Topics In Demand
Notification
New

No notification found.

Reserve Bank of India (RBI): Representation on facilitating compliance with Card-on-file Tokenisation
Reserve Bank of India (RBI): Representation on facilitating compliance with Card-on-file Tokenisation

June 24, 2022

138

0

In compliance with the PA/PG guidelines, merchants and payment aggregators (PAs) will be required to purge stored card data on June 30th i.e., a week from now. The RBI had granted an extension to the industry for the same by six months in December. With a few days left for purging stored card details deadline, we made a representation to the RBI apprising it of readiness of industry to implement card-on-file tokenisation (CoFT).

In our representation, we noted the following:

  • Most card schemes are ready with token provisioning. For token processing and use-cases, progress has been made with respect to a few use cases.
  • For non-token based transactions i.e., guest checkouts and first transactions, and recurring mandate, industry has suggested that the RBI may consider allowing acquirer banks to store card number of a user, for limited period for transaction tracking purposes after the payment is made. It has been suggested as a temporary measure and only till a solution is ready on this. Since acquirers are RBI regulated entities, and in most cases, would be issuers as well, it will be feasible to allow them to store customer card credentials.
  • We also noted that for merchants and payment aggregators to be able to comply June 30th deadline, it needs to be ensured that all three stages of tokenisation – token provisioning, token processing, and use-cases need to be available. Currently, the ecosystem appears to be operating in the absence of transparency around the readiness of issuer banks and their coverage by card networks.
  • We also highlighted impact on services which use single application and payment services globally such as cab aggregators. In such cases, payment is made after delivery of service i.e., after the ride. Therefore, only stored cards can be used for payment processing since the payment takes place post-delivery of service. However, since merchants are not allowed to store card on file data, they would no longer be able to provision services to Indian cardholders when they travel abroad. The only exception to this is in few countries, where there are vendors who have capability to support token-based transaction processing. However, this is not a long-term solution as it is limited to only a few countries and the capability is limited to only a few payment service providers.

For more information, kindly write to apurva@nasscom.in.


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


images
Apurva Singh
Senior Policy Associate

Write to me for all things related to FinTech, Drones, Data and Gaming

© Copyright nasscom. All Rights Reserved.