Is RBI in sync with industry? Experts want tokenization deadline extended
India’s central bank Reserve Bank of India should extend the proposed deadline of October 31st to help payment merchants and card providers help transition smoothly to the central bank’s tokenisation plan, said Aruna Sharma, retired IAS and Former Secretary, Ministry of Electronics and IT (MEITY). Sharma said this in a Twitter Space organized by The Plunge Daily on Friday. It was also attended by Utpal Chakraborty, a renowned data scientist.
Tokenization, first discussed by the central bank in 2020, is the process of replacing sensitive debit/credit card details with an alternative coding system – a “token”. It is generated uniquely every time a customer pays for something and brings with it three-level protection to online transactions. This also means that after tokenization is implemented, the client won’t be able to save their card details on any shopping website. Every time, a fresh process will ensue, bringing more transparency to online transactions. This process would secure card transactions from online fraud and hacking attempts. However, many analysts and financial experts have been demanding an extension to the deadline of October 1st, as many merchants and small lenders are not ready for this change yet.
“It is very important that the proof of concept is tested before the deadline date. If we are half-prepared, it will create a lot of disruptions and a lot of grievances for card networks, payment aggregators, payment gateways, merchants and even consumers. It is very important to extend this deadline,” said Sharma, a practitioner Development Economist. Apart from her stint as Former Secretary, Ministry of Electronics and IT (MEITY), she has also worked as a Member of the Reserve Bank of India’s high-level committee on deepening digital payments in India. Moreover, she has also worked in the fields of Digital Transformation, e-Governance, FinTech, and Digital Assets as well as core sectors like Steel and Mining.
Chakraborty, who has been a principal architect in Larsen & Toubro (L&T) Infotech, and worked with companies like IBM, Capgemini and YES Bank, said the new system is not sufficiently tested.
“Probably the APIs are ready from Mastercard, Visa APS are ready from the bank side, but this needs to be integrated with the merchants. For the smaller merchants, it’s the festive season abd it might affect their revenue. In this particular season of the year, most of the small merchants or medium merchants earn a lot. If all the existing stored cortices like file-on-card details are deleted, there is a chance that he may choose some other payment method. A hurried implementation of the deadline can be a very, very big risk to the economy,” said Chakraborty, a well-known speaker and author of four bestselling books on artificial intelligence, Quantum Computing and the Internet of Things. He has also been recognized as Global AI Ambassador 2022. “Giving extension is important because you need to do complete security testing. Apart from this testing, it should be done at all other ends also,” he added.
Dr Sharma said the moment the system is not able to address these kinds of grievances, it’s going to create a loss of faith in a very well thought tokenization plan. “All post transaction activities, chargeback, handling settlement is the responsibility of the merchant because that is the front face. So how do you take care of security? Holding the hands of these small MSMEs is important to educate and create public awareness,” she said.
Dr Sharma also stressed that this might be especially painful for new entrepreneurs. “A new entrepreneur needs consistency in the policy. Their risk-taking ability is very low. Their focus is more on building up their enterprise. The moment we shift to tokenization, everybody will have to shift to tokenization. And the multiple choices you had of cards and debit cards to make your payments or through fintech mechanisms, all of it will need to be rewritten. I don’t know how their servers are going to handle this kind of storage of data for grievance redressal at the aggregator’s level. So the startup companies will postpone their enterprise by a couple of months till clarity comes up,” said Sharma.
Chakraborty said these companies might also face a lot of technical issues. “First thing is the change of interface, when we are taking the details for the payment. Then there are things like certification. Many small merchants lost over 20 per cent of their sales, when the last time something like this change was brought. The number this time might be much higher,” he stressed.
In March 2020, RBI had issued guidelines that e-commerce websites and merchants will not be allowed to save card information on their websites to boost data security. In September 2021, it gave companies till the end of the year to comply with the regulations but extended after most payment vendors were not equipped to handle the change. After many failed attempts to push the initiative, the central bank set October 31st, 2022 as the deadline.