Topics In Demand
Notification
New

No notification found.

Reserve Bank of India: Update on storing Card-on-File data for guest checkouts and other post-transaction activities
Reserve Bank of India: Update on storing Card-on-File data for guest checkouts and other post-transaction activities

July 29, 2022

345

0

 

 

The Reserve Bank of India (RBI), after stakeholder consultation, has released a clarification on storing card-on-file (CoF) data for guest check-out transactions and other post-transaction activities. However, the timeline to purge CoF data, except for card issuers and networks, remains the same.

In its clarification, to ease transition to card-on-file tokenisation, the RBI has suggested that as an interim measure for guest checkouts, the merchant or its Payment Aggregator (PA) involved in settlement of such transactions, can safe CoF data for 4 more days in addition to the transaction data or till the settlement date, whichever is earlier. Post the settlement of such transactions, the data has to be purged.

For other post-transaction activities, the RBI has allowed acquiring banks to store CoF data till January 31, 2023.

Backdrop

The RBI after reviewing the tokenisation framework, on September 7th, 2021 issued a directive with certain enhancements to its  extant framework on card tokenisation services. Prior to this on August 25th, the RBI had extended the scope of permitted devices for card tokenisation transactions to all consumer devices enabling compliance for the industry with the Guidelines on Regulation of Payment Aggregators and Payment Gateways (PA/PG Guidelines).

The deadline to purge stored card data details, in compliance with the PA/PG Guidelines, was initially June 30th, 2022. This has been extended by the RBI to September 30th, 2022. However, due to the absence of solutions for non-token based transactions such as guest checkouts, the RBI has released a clarification stating interim measures.

You can read more about it here, here and here.

For more information, kindly write to apurva@nasscom.in.

 


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


images
Apurva Singh
Senior Policy Associate

Write to me for all things related to FinTech, Drones, Data and Gaming

© Copyright nasscom. All Rights Reserved.