OPEN APP
Home / Industry / Banking /  RBI extends card tokenisation deadline by 6 months till Jun-end

RBI extends card tokenisation deadline by 6 months till Jun-end

In March 2020, RBI had issued guidelines for regulation of payment aggregators and payment gateways, prohibiting payment aggregators and merchants to store customer card credentials within their database or server from 30 June 2021. (AFP)Premium
In March 2020, RBI had issued guidelines for regulation of payment aggregators and payment gateways, prohibiting payment aggregators and merchants to store customer card credentials within their database or server from 30 June 2021. (AFP)

  • RBI also said that in addition to tokenization, industry stakeholders may devise alternative mechanisms to handle any use case that currently involves storage of card data by entities other than card issuers and card networks

Listen to this article

MUMBAI : The Reserve Bank of India (RBI) on Thursday extended the deadline to comply with new card storage rules by another six months to June 2022, following requests from industry bodies and other stakeholders.

 “In light of various representations received in this regard, we advise...the timeline for storing of card on file (CoF) data is extended by six months till June 30, 2022; post this, such data shall be purged," it said.

In March 2020, RBI had issued guidelines for regulation of payment aggregators and payment gateways, prohibiting payment aggregators and merchants to store customer card credentials within their database or server from 30 June 2021. Later in March this year, the regulator extended the deadline by six months to 31 December.

Referred to as tokenization, the process involves replacement of actual card details with a unique alternate code called the token.

On Thursday, RBI also said that in addition to tokenization, industry stakeholders may devise alternative mechanisms to handle any use case that currently involves storage of card data by entities other than card issuers and card networks.

Mint reported on Thursday that merchants are grappling with major technology integration challenges as they scramble to comply with the tokenization deadline.

Meanwhile, two industry associations, Merchant Payments Alliance of India (MPAI) and the Alliance of Digital India Foundation (ADIF) have together voiced their concerns over the industry’s readiness on tokenization. In a joint statement on Wednesday, they said they have written to RBI, requesting an extension of the 31 December deadline for implementation of card data storage norms.

The two bodies said they sought a phased implementation of the new mandate, a minimum time frame of six months for merchants to comply post readiness of banks, card networks, and payment aggregators/payment gateways, as well as the generation of consumer awareness about the impact of the policy change.

 “This policy change affects three major players: banks, intermediary payment systems, and merchants. Merchants cannot start the testing and certification of their payment processing systems until banks, card networks, and payment gateways are certified and live with stable APIs for consumer-ready solutions," the statement said.

Some players, though, have already launched tokenization services. The National Payments Corporation of India (NPCI) has partnered brands and aggregators such as bigbasket, Goibibo, MakeMyTrip, JioPay, Juspay, Paytm, and PhonePe to introduce a tokenization facility. Mastercard and Google have also rolled out tokenization that will enable Google Pay users to safely transact using their Mastercard credit and debit cards. That apart, payments and API banking solutions company Cashfree Payments also recently announced its tokenization solution will go live on 27 December.

Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.

Never miss a story! Stay connected and informed with Mint. Download our App Now!!

Close
×
Edit Profile
Get alerts on WhatsApp
My ReadsRedeem a Gift CardLogout