From July 1, payment aggregators, payment gateways and merchants cannot store the card details of customers, and transactions would take place through tokens issued by the permitted card networks
Razorpay does not anticipate any challenges under the new rules and said that the success rate of tokenised transactions is high
However, merchants are jittery about the change and said infrastructure is not ready for the transition
As the Reserve Bank of India’s (RBI’s) deadline for purging customers’ card data approaches, payment aggregators and merchants are gearing up for the use of tokenised card transactions from July 1.
As per the central bank’s directive, payment aggregators, payment gateways and merchants can store customers’ card data up to June 30 this year. After this, they will have to purge these data from their database and only tokenised card transactions will be supported.
Considering the challenges around the transition, the deadline has already been extended twice in the past, from June 30, 2021 to December 30, 2021 and later to July 1, 2022, at the request of payment companies and merchants.
However, the merchants are still worried about the impact of this change on their businesses as they feel the required infrastructure for the transition is not ready yet.
The Tokenisation Story
With the implementation of card-on-file tokenisation (CoFT), customers’ card details will be replaced by a unique alternate code called a ‘token’, a set of random numbers. The token will be issued by card networks such as Visa, RuPay and MasterCard to token requestors. Customers will need to use the issued token while making payments at merchants’ websites.
In essence, tokenisation will ensure that a transaction is completed without the actual card details of customers. According to the RBI, a tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing.
Tokenisation will be available on various IoT devices such as mobile phones, tablets, laptops, desktops, wrist watches and bands, etc. Customers will not have to pay any charge for availing tokenisation services. Tokenisation will also include safety measures such as an additional factor of authentication and PIN entry, similar to card transactions.
The new rules will come into effect a few months after the RBI’s amended guidelines for recurring payments came into force and created quite an upheaval. As per the central bank’s directive, customers now need two-factor authentication for recurring payments of over INR 5K.
The new rules for recurring payments affected many online businesses, particularly subscription-based platforms that spend large amounts of money to acquire customers. Many subscription-based companies witnessed a reduction in the number of customers after the new directives came into effect.
In April, tech giant Apple stopped accepting debit and credit cards for purchases on the App Store in response to the new guidelines for recurring payments. In place of cards, it is now accepting payments through UPI and netbanking on Apple stores.
Merchants Jittery About New Rules
As the tokenisation deadline nears, card networks are striving hard to build the alternative CoFT system, while merchants are anxious about the impact of the change on their business.
Talking to Inc42, Khilan Haria, CTO of Razorpay, said, “Most of the mature businesses (associated with Razorpay) are seeing this as a net positive move in the long run, where tokenisation will help bring more customers into the digital payments ambit.”
The fintech startup does not see any challenges with tokenisation. Without sharing numbers, Haria said the success rate of tokenised transactions is high.
The National Payments Corporation of India (NPCI), PayU, Cashfree Payments, Razorpay, and Infibeam are some of the companies that have already added tokenisation services to their offerings, while other companies in the payment ecosystem are gearing up to introduce tokenisation into their system.
However, some payment aggregators, including Easebuzz, raised concerns about the problems that will arise due to tokenisation and data purging.
“The new system (tokenisation) has some complexities such as instant discount offers and refund processing…that cannot be offered through the payment gateway at the moment. However, we are in the process of building a comprehensive product to orchestrate these offerings,” said Amit Kumar, CTO of Easebuzz.
He also added that the entire payment ecosystem is seeing a lot of infrastructural changes due to the RBI directives, which might disrupt the ecosystem.
The Merchant Payments Alliance of India (MPAI), a group of merchants that accept online payments, believes that tokenisation may raise complexity for merchants as the required infrastructure is not yet ready. Microsoft, Netflix, ShareChat and BookMyShow are among the members of the MPAI.
“Merchants have recently got APIs (application programming interfaces) from payment processors and have not tested tokenised transactions in volume. Owing to this, the success rate of tokenised transactions is not known,” an MPAI spokesperson said.
The MPAI said that the APIs offered to the merchants are not stable enough and can disrupt the entire ecosystem.
Transition to a new system is never easy and some hiccups can be expected as the country moves to tokenised transactions for online payments. However, having extended the deadline twice, the RBI is unlikely to oblige the stakeholders one more time, irrespective of their preparedness.