ADVERTISEMENT

RBI Extends Deadline For Card Data Storage And Tokenisation

RBI gives payments industry more time to comply with card data storage and tokenisation guidelines.

<div class="paragraphs"><p>Outside the Reserve Bank of India's office.</p></div>
Outside the Reserve Bank of India's office.

The Reserve Bank of India has extended the deadline for implementation of rules that said that card data cannot be stored on file by merchants. It has also extended the deadline of tokenisation or the process of replacing that data with tokens.

The deadlines for both sets of guidelines have been extended from June 30 to September 30, the RBI said in two separate statements on its website.

This is now the third extension of deadlines by the regulator, since the card storage guidelines were first introduced in March 2020.

The card data storage guidelines require all entities, excluding card issuers and card networks, to stop storing customer card data as an enhanced security measure. Any data stored till now will be purged from the systems after the deadline.

To facilitate digital transactions, the RBI had also released a framework for card-on-file tokenisation. So far, 19.5 crore tokens had been created under this framework, the RBI said.

While there has been considerable progress, some issues continue to remain.

Transaction processing based on tokens has commenced, though it is yet to gain traction across all categories of merchants, the RBI said.

"Further, an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transactions”) has not been implemented by the industry stakeholders, so far," the regulator said.

These issues are being dealt with in consultation with the stakeholders, and to avoid disruption and inconvenience to cardholders, the RBI has decided to extend the deadlines for card storage and tokenisation guidelines.

The extension may be utilised by market participants for:

  • Processing transactions based on tokens.

  • Implementing an alternate mechanism to handle all post-transaction activities, including chargeback handling and settlement, that currently involve or require storage of card-on-file data by entities other than card issuers and card networks.

  • Creating public awareness about the process of creating tokens and using them to undertake transactions.

"The Reserve Bank encourages cardholders to tokenise their cards for their own safety. Cardholders’ payment experience will be enhanced through an added layer of security by way of tokenisation," the RBI said in its statement.

In a statement, Vishwas Patel, chairman at Payments Council of India said that while the payments industry was striving to comply with the guidelines, some last minute issues cropped up.

"Solutions required to resolve the issues were being actively worked on but were to be primarily resolved by the networks, Issuers and Acquirers within the ecosystem. The timeline to implement the fixes was very close to June 30, 2022 and hence the industry perceives a risk to the overall readiness for a smooth transition to the tokenisation framework," Patel said.

The extension provided by the RBI will provide breathing space to all market participants and will help in smoother transition, he said.

BQ Prime had reported on June 14, that the banking industry had made representations to the RBI for extension of these guidelines, as they felt that the system is not fully ready.