The digital payments growth in India has positioned the country as a global fintech leader, with online transactions growing 80% in 2020 and UPI transactions witnessing a 120% growth last year, further accelerated by the pandemic. The convenience and ease offered by digital payments continue to sustain the use of online transactions even after continuous lockdowns.
Additionally, the current 160 million unique mobile payment users will multiply by 5 times to reach nearly 800 million by 2025, provided the government policies are focused on customer satisfaction, financial inclusion and digitization of merchants. The Reserve Bank of India (RBI) has released its revised guidelines on online data storage. Upon the update coming into effect in January 2022, cardholders may have to enter their 16-digit card number every time they shop online as opposed to entering the one-time password (OTP) and card verification value (CVV). The RBI is proposing another rule change that regards banning the storage of payment card numbers by online merchants, payment aggregators, and ecommerce websites.
According to RBI, while the guidelines will be technology and platform agnostic, it will create an enhanced and enabling environment for customers to use digital payment products in a more safe and secure manner.’ Empower India, a leading policy think tank, organised a discussion on the new regulation to arrive at a recommendation on best practices to implement the tokenisation regime. Avimukt Dar, Senior and Founding Partner, IndusLaw, said, The RBI’s framework for processing of e-mandates institutes compliance burden on customers as well as businesses which might lead to frequent occurrence of transaction failures, hamper user experience and customer satisfaction, and limit product innovation.
Dr. Aruna Sharma IAS, Former Secretary, Govt. of India, said, Card-On-File technology has internal tokenization procedures that encrypt card data. However, this will affect innovations such as single-click payments. It also takes refunds and dispute resolution away from the control of merchants. As per DPIIT directions, merchants are to be held responsible for frauds, but they are denied access to data on their own platform. This will lead to data aggregating being concentrated in a few hands who will be prone to cyber-attacks. Any system failure here will affect the entire chain.
Ms. Shreya Suri, Partner, IndusLaw, was of the opinion that, The preparedness of the industry will soon be under the scanner on the issue of restriction on storage of CoF data by payment aggregators and merchants and the guidelines to adopt tokenization as a possible solution. The merchant, issuer bank, payment aggregator and the acquiring bank involved in the transaction will come to rely solely on the token issued by the card network provider. This will make the e-mandate architecture redundant for many use-cases, and requires clear guidelines on the inter-play and co-existence of the two.
Mr. Ram Rastogi, Digital Payments Strategist, said, In India, digital payments are used by nearly 300 million consumers out of a vast population of 1.37 billion people. The COVID-19 pandemic has further pushed the impetus of digital payments, so we can expect even more acceleration in the future, with many first-time users adopting digital payments and merchants stepping up. RBI has found that the more the number of transactions grows on average 6 billion transactions per month it has to address the convenience and security of consumers. RBI has to assess the preparedness of the industry to be able to implement before finalising the date of commencement of the COF rule.
Dr. Avik Sarkar, Professor, Indian School of Business, Former Head, Data Analytics Cell, Niti Aayog, highlighted, With the massive increase in online transactions, protecting the security of the customer becomes important. However, the additional compliances and infra costs that comes with this, will invariably be passed on to the end consumer at a time when price of commodities are at an all-time high. While security is paramount the cost factor also has to be factored in.
If businesses and customers are not allowed to store card on file details, there will be no way to offer a seamless payment solution for recurring and single-click online payments. This would make it difficult for end-consumers to enter the details manually for every transaction, making payments tedious, time-consuming, and inconvenient, while also deterring a large number of customers. There is a need to introduce a mechanism that promotes and supports innovation in the digital payment sector. Stakeholders must come together to create a framework that enables customer convenience and ensures security while also demarcating clear roles for fintech and banking sectors to help promote the ecosystem.