How RBI’s Move To Secure Customers’ Data Can Put Startups At A Disadvantage

How RBI’s Move To Secure Customers’ Data Can Put Startups At A Disadvantage

SUMMARY

The RBI’s ‘Card on File Tokenisation’ move to securing the customers’ card data should not put Indian startups at a disadvantage with global players, ADIF Executive Director Sijo Kuruvilla George tells Inc42

The ‘Card on File Tokenisation’ solution has limitations and does not address key use cases, where card details need to be available or shared with upstream or downstream partners

The ‘Card Vaults’ solution would provide the same protection and could be a better solution as it will also allow more players in the ecosystem to participate through the secured RBI licensed banks, he adds

As the Reserve Bank of India (RBI) takes fresh measures to protect the customers’ card data at the end of merchants and payment aggregators, the Alliance of Digital India Foundation (ADIF), representing over 250 digital startups, has told Inc42 that although the central bank’s move is welcomed, the method of securing the card data should not put startups at a disadvantage with global players.

According to Sijo Kuruvilla George, Executive Director, ADIF, ‘Card on File Tokenisation’, which is the proposed method by the RBI to safeguard customers’ data, will not allow payment aggregators and merchants to store card data and will instead replace the card data with a tokenised value. 

“However, this solution has limitations which will need to be addressed for seamless transition from status quo. This solution does not address key use cases, where card details need to be available or shared with upstream or downstream partners today,” George said.

“Care should be taken that the business practices that need to be adopted for our startups to be in compliance with norms do not disadvantage startups to be at par and compete efficiently with global players operating out of other geographies,” he stressed.

Among the key concerns raised by ADIF are: EMI transactions require offline file submission to banks with card details; banks use this detail to convert cards transactions to EMI and merchants use the first 6 digits of the card to determine the network, issuer, card type, et al to surface bank offers to their customers.

“Card Vaults would provide the same protection and could be a better solution as it will also allow more players in the ecosystem to participate through the secured RBI licensed banks,” George told Inc42.

What are Card Vaults

Partner banks offer a secure vault system where individual card numbers would be encrypted and stored with a unique reference no or token for each card, which is device agnostic.

The saved cards would, therefore, be aliased and returned in the form of tokens by the Bank to the merchants and payment aggregators. Payment aggregators’ existing saved cards would be moved to their partner bank’s vaulting service, allowing existing users to continue to transact seamlessly using underlying secure tokens issued by the bank.

Payment aggregators would store and manage the association of these cards with their customers and/or merchant’s customers to which the card belongs to in the form of a token returned by the bank.

Keep Larger Objective In Sight

Late last month, the RBI extended the scope of tokenisation from mobile phones and tablets to include all consumer devices like laptops, desktops, wearables, and Internet of Things (IoTs), etc. 

The aim was to guard customer data against the growing incidents of data breaches the Indian tech sector has witnessed in the recent months.

“It is great that the RBI wants to protect Indian users’ payment data and we are completely in alignment with this objective. However, the larger objective and advocacy remains this; we should strive for solutions that best address the needs for privacy, lower compliance costs and seamless user experience,” George noted.

“The difference of opinion we have (with the RBI) is regarding the method of securing customers’ data,” said George.

The ADIF, that has founding members like Paytm, MapMyIndia, Innov8, matrimony.com and others, has already submitted a letter to the RBI, stressing that payment aggregators and payment gateways appear unlikely to be prepared for compliance with the RBI norm by December 31, 2021.

“The issuers and networks will likely need to do some work before the ‘card on file tokenisation’ solution is ready. Similarly, once these are addressed, payment aggregators will need time to integrate and make this work with upstream and downstream partners,” ADIF said.

Not only the ADIF, the Payments Council of India (PCI) had also said earlier that it was also closely working with the RBI on possible security solutions to protect users’ card data.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

How RBI’s Move To Secure Customers’ Data Can Put Startups At A Disadvantage-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

How RBI’s Move To Secure Customers’ Data Can Put Startups At A Disadvantage-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

How RBI’s Move To Secure Customers’ Data Can Put Startups At A Disadvantage-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

How RBI’s Move To Secure Customers’ Data Can Put Startups At A Disadvantage-Inc42 Media
How RBI’s Move To Secure Customers’ Data Can Put Startups At A Disadvantage-Inc42 Media
You’re in Good company