The Reserve Bank of India has given breathing space to businesses as it has deferred the implementation of tokenization of debit and credit cards by six months. The earlier deadline was December 31, 2021.
The central bank in a circular said this decision was made in light of various representations. “We advise as under: a) the timeline for storing of CoF data is extended by six months, i.e., till June 30, 2022; post this, such data shall be purged; and b) in addition to tokenization, industry stakeholders may devise alternative mechanisms to handle any use case (including recurring e-mandates, EMI options, etc) or post-transaction activity, (including chargeback handling, dispute resolution, reward/loyalty programme, etc) that currently involves or requires the storage of CoF data by entities other than card issuers and card networks.”
The new deadline comes after digital payment firms, like Merchant Payments Alliance of India (MPAI) and the Alliance of Digital India Foundation raised concerns over industry readiness. MPAI and ADIF said the ecosystem readiness is a sequential process of going live with stable API (application programming interface) documentation for tokenized transactions.
In a joint letter, they highlighted that the digital payments ecosystem is a long way from consumer-ready solutions and unless regulated entities are compliant, merchants will not be able to successfully process tokenized transactions. “In the scenario that banks lax on preparedness, the brunt of that will be borne by merchants in the form of loss of revenue – we are looking at revenues losses of anywhere between 20-40% at the minimum should that be the case,” said AIDF.
The RBI had prohibited merchants, in September, from storing customer card details on their servers with effect from January 01, 2022, and mandated the adoption of CoF tokenization as an alternative to card storage. The industry bodies said that if implemented in the present state of readiness, the new RBI mandate could cause major disruptions and loss of revenue, especially for merchants.
Vishal Mehta, Chair of Governing Council, MPAI, said this unpreparedness will impact recent digital payments adopters even deeply. “The frequency and intensity of phishing attempts will go as entire card details are to be entered for each transaction, causing a significant increase in irreversible fraudulent transactions.”