RBI Extends Card Tokenisation Deadline For Payment Stakeholders Till June 2022

RBI Extends Card Tokenisation Deadline For Payment Stakeholders Till June 2022

SUMMARY

Now ecommerce companies and others, who store users’ card data, have another six months to comply with the rules

After June 30, 2022, all non-bank payment system participants and merchants will have to purge card data from their systems

Previously, companies such as Google Play Store, PhonePe, Pine Labs, PayU, among others have complied with the tokenisation rules, asking customers to shift to card-on-file transactions (CoFT)

In January 2019, the Reserve Bank of India (RBI) released guidelines on tokenisation for debit, credit, and prepaid card transactions. In March 2021, it asked all financial players to move towards tokenisation by 31st December 2021. Now, ecommerce companies and others, who store such users’ card data, have another six months to comply with the rules.

Aimed at regulating India’s fintech ecosystem, the RBI had brought in a slew of changes in the past few years. The recent one among these was aimed to regulate payment aggregators (PA) and ecommerce merchants, restricting them from storing card data. In March, it had said, “With effect from January 1, 2022, no entity in the card transaction or payment chain, other than the card issuers and card networks, should store the actual card data. Any such data stored previously will be purged.”

Now, the central bank also allowed the payment industry to devise new methods to handle recurring and EMI payments without storing cards. It has asked all non-bank payment system participants and merchants to purge card data from their systems by June 30, 2022.

Tokenisation involves replacing actual card details with a unique alternate code — ‘token’. The novel feature would be a combination of card, token requestor and identified device, with card networks such as Visa, Mastercard and others at the centre of payment services.

To date, several firms have moved towards tokenisation, including Google Play stating that it will not collect card data, asking users to move towards tokenisation of cards to maintain a smooth flow of transactions. It also partnered with Mastercard for the same.

A few weeks ago, PhonePe announced the launch of its SafeCard — a tokenisation solution for online debit and credit card transactions. PhonePe’s SafeCard will make recurring payments convenient and safe, by allowing payment providers to save cards using tokens. This solution supports all major card networks such as Mastercard, Rupay, and Visa. PineLabs, too, launched Plural Tokenizer, a CoF tokenisation solution that will replace the debit or credit card details of the cardholder.

Delhi NCR-based fintech PayU on the other hand launched “PayU Token Hub”, enabling businesses to comply with RBI’s guidelines on online card data storage whilst allowing issuing banks to also generate their tokens.

In October, the National Payments Corporation of India (NPCI) launched the NPCI Tokenisation System (NTS), which will tokenise and mask the real RuPay card details (CoFT: card-on-file tokenisation). With the NTS, RuPay cards can be tokenised to protect customer data and privacy.

Without the deadline, customers of major online digital platforms such as Amazon, Zomato, Meesho would be affected, since these marketplaces would have had to delete customer card data. They still need to move towards tokenisation, enabling access to card networks such as Visa, Mastercard and RuPay to issue tokens on behalf of the card-issuing banks or companies.

The Payments Council of India (PCI) welcomes the deadline stating that it would help “payments system participants and merchants to implement comprehensive card-on-file solutions”. The industry will utilise the next six months to implement appropriate uniform solutions for seamless migration for cardholders as well as ensuring adequate security for storage, it added.

Step up your startup journey with BHASKAR! From resources to networking, BHASKAR connects Indian innovators with everything they need to succeed. Join today to access a platform built for innovation, growth, and community.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

RBI Extends Card Tokenisation Deadline For Payment Stakeholders Till June 2022-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

RBI Extends Card Tokenisation Deadline For Payment Stakeholders Till June 2022-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

RBI Extends Card Tokenisation Deadline For Payment Stakeholders Till June 2022-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

RBI Extends Card Tokenisation Deadline For Payment Stakeholders Till June 2022-Inc42 Media
RBI Extends Card Tokenisation Deadline For Payment Stakeholders Till June 2022-Inc42 Media
You’re in Good company