Topics In Demand
Notification
New

No notification found.

Reserve Bank of India: Representation on Facilitating Compliance with Card-on-File Tokenisation
Reserve Bank of India: Representation on Facilitating Compliance with Card-on-File Tokenisation

January 24, 2022

328

0

  1. Backdrop

The RBI, on December 23, 2021, had granted an extension to merchants and payments aggregators to purge card-on-file data by six months i.e., till June 20, 2022. After this, the merchants and payment aggregators, in accordance with the PA/PG guidelines, will be required to purge stored card data and implement card-on-file tokenisation.[i] In this regard, we made a representation to the FinTech Department, Reserve Bank of India (RBI) highlighting the existing concerns of the industry on the implementation of Card-on-File tokenisation (CoFT).

  1. NASSCOM’s representation to RBI

We highlighted that while the deadline to store cards has been extended for merchants and PAs, the concerns around readiness of regulated entities (REs) remain unaddressed. These concerns may cause disruption in the digital payment ecosystem and on consumer experience.

The industry, especially small and medium enterprises (SMEs) and start-ups are still recovering from the aftereffects of disruption caused by e-mandate on recurring transactions. This is also evidenced by the information available on the websites of many banks indicating that most of the merchants onboarded by the banks for their Merchant Standing Instructions are large merchants and not the SMEs.[ii] This is despite extensions granted by the RBI to the industry to develop and integrate their respective solutions to comply with the e-mandate on recurring transactions.

One of the key reasons behind it is the absence of transparency around the readiness of regulated entities (REs). Till the deadline i.e., September 30, 2021, the ecosystem was uncertain if the regulated entities have their respective solutions ready, and there were delays in sharing stable Application Programming Interface (API) documentation which further delayed the compliance with the e-mandate.

  • Assessing the state of preparedness

Even though an extension has been granted by the RBI to merchants and payment aggregators for storing card details till June 30, 2022, the entire ecosystem appears to be operating in the absence of transparency around the coverage of issuer banks which networks have at this point and the state of readiness of the RBI regulated entities. To this effect i.e., ensuring smooth transition to CoFT by the industry, we made the following recommendations to the RBI:

  • The payments ecosystem is an interdependent ecosystem wherein various stakeholders – card networks, card issuers and merchants – rely on each other to ensure seamless digital transactions for customers. Merchants are dependent on readiness of REs i.e., issuer banks, card networks, who offer tokenisation services. In the absence of timely viable solutions for tokenisation, merchants may again be left in a lurch at the time when the current deadline for compliance expires. A viable solution for merchants would be one where at-least banks issuing 80% of the cards have integrated and tested the CoFT solution with the networks and stable APIs are available to the merchants for them to test and integrate themselves with the CoFT solutions. Without this, they will face the risk of being required to purge card data from their systems without having access to tokenised data.
  • In the recent past, when RBI had extended the timeline for e-mandate on recurring transactions in March, 2021, issuer banks were still not ready by September 30, 2021, thereby resulting in disruption for the merchants and consumers.  
  • To ensure smooth transition and integration of the respective systems, and to ensure that consumer experience is not impacted, we suggest:
  • RBI monitored compliance of regulated entities: As stated above, there is no clarity about how many issuer banks and acquirer banks have integrated their solutions with card networks. RBI monitored compliance shall ensure that the REs adhere to the timeline and the transition to CoFT does not adversely disrupt the ecosystem like e-mandate on recurring transactions.
  • This information should be published by the RBI on its website and updated weekly or at an appropriate frequency to serve as a single and credible source of information for the entire ecosystem.

For more information, kindly write to apurva@nasscom.in.

 

[i] Read more about it here, here and here.

[ii] For instance, the HDFC Bank has, as on January 21, 2022, listed 40 merchants on its website who are live with its Merchant Standing Instructions. Neither of these 40 merchants is an SME. Similarly, Yes Bank has a list of 14 merchants who are live with its Standing Instructions for Yes Bank Credit Card. Neither of these 14 merchants is an SME. While Public Sector Banks like the State Bank of India and the Bank of Baroda have gone live, they do not have list of merchants publicly available on their respective websites.


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


images
Apurva Singh
Senior Policy Associate

Write to me for all things related to FinTech, Drones, Data and Gaming

© Copyright nasscom. All Rights Reserved.