scorecardresearch
RBI extends card tokenisation deadline till September 30

RBI extends card tokenisation deadline till September 30

The extension of the deadline comes as RBI highlighted that "transaction processing based on these tokens has also commenced, though it is yet to gain traction across all categories of merchants."

The tokenisation of card data, however, shall be done with explicit customer consent requiring an additional factor of authentication (AFA). The tokenisation of card data, however, shall be done with explicit customer consent requiring an additional factor of authentication (AFA).

Reserve Bank of India (RBI) on Friday extended the deadline of card-on-file (CoF) tokenisation norms till 30 September, 2022.

The extension of the deadline comes as RBI highlighted that "transaction processing based on these tokens has also commenced, though it is yet to gain traction across all categories of merchants."

"Further, an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transactions”) has not been implemented by the industry stakeholders, so far. Given the above, it has been decided to extend the timeline for storing of CoF data by three months, i.e., till September 30, 2022, after which such data shall be purged," RBI further added.

However, according to news agency PTI report citing sources, most of the large merchants have complied with the RBI's card-on-file (CoF) tokenisation norms and 19.5 crore tokens have been issued so far.

Earlier, the RBI had directed the merchants to implement its tokenisation norms by June 30, 2022. The central bank has twice extended the deadline of its implementation in the past. Card-on-file or CoF refers to card information stored by payment gateway and merchants to process future transactions.

The RBI in last September prohibited merchants from storing customer card details on their servers with effect from January 1, 2022, and mandated the adoption of CoF tokenisation as an alternative to card storage.

The basic purpose of tokenisation is to increase and improve customer safety. With tokenisation, storage of card details is limited.

The RBI in March 2020 stipulated that authorised payment aggregators and the merchants onboarded by them should not store actual card data to minimise vulnerable points in the system. On a request from the industry, it extended the deadline to December 2021 as a one-time measure.

The tokenisation of card data, however, shall be done with explicit customer consent requiring an additional factor  authentication (AFA).

Published on: Jun 24, 2022, 6:39 PM IST
Posted by: Mohammad Haaris Beg, Jun 24, 2022, 6:37 PM IST