Blog

The Reserve Bank of India (RBI) introduced card tokenisation guidelines in 2020 to improve the safety and security of card transactions. Following requests from various stakeholders, the central bank extended the deadline twice, and the new rules are set to come into effect from July 1, 2022. However, the banks have requested the RBI to give another extension of six months.

Saying that the time given for implementation of the rules was too short, the Indian Banks’ Association (IBA) has submitted an extension request to the central bank, Bloomberg Quint reported. However, the RBI has not given any assurance yet for the extension.

The Association also noted that the success rate for tokenised card transactions is low currently. Moreover, there are not many avenues available currently for tokenising card data, the report quoted the IBA as saying. 

Besides the banks, Aruna Sharma, a former member of the RBI’s digitisation committee, has also called for extending the deadline for implementation of the guidelines till June 2023, The Economic Times reported. 

According to Sharma, the deadline for implementation of the new rules should be ‘reasonable’. She is of the view that the deadline needs to be extended at least till June 2023, as even another six months will not be adequate. 

Tokenisation refers to the process of replacing credit/debit card details with a unique alternate code, ‘token’. Card networks such as Visa, RuPay and MasterCard will issue tokens to token requestors. Under this process, merchants will have to delete any credit and debit card data stored on their platforms and replace them with a token. 

Customers will have the option to register or de-register their card for a particular use case such as contactless, QR code based, in-app payments, among others. A customer will need to provide a one-time consent through OTP (one-time password) and undertake a transaction to tokenise their debit and/or credit card for the first time. 

However, customers who don’t tokenise their cards will have to enter card details every time they make a purchase of any item or subscription on online platforms. Hence, the new rules are expected to affect many online businesses, particularly subscription-based platforms. However, customers can tokenise their cards anytime.

“From the consumer point of view, you will have to undergo this exercise of creating a token with every merchant that you are exercising with. It’s not like a one-time thing you do on the card, and you’re done. So, in a sense it is a hassle,” Sharma was quoted as saying. 

She also added that if a consumer forgets to tokenise an instalment, he/she may miss out on making the payment on time and will have to face its consequences. 

As it is a major change, the RBI should extend the deadline at least for a year to prevent any disruption in the economy, she added. “The RBI should allow card data storage and not go in a hurried way for the deletion of it till the readiness is complete,” she said.

In recent times, the RBI has introduced many changes relating to online transactions. Earlier, the central bank’s new guidelines on recurring payments also caused disruptions. Apple App Store has already stopped accepting credit and debit cards as a mode of payment in India for buying apps and for subscription services. 

“Regulatory requirements in India apply to the processing of recurring transactions. If you hold an Indian debit or credit card and you have a subscription, these changes impact your transactions. Some transactions might be declined by banks and card issuers,” Apple said in a statement in March.

Last week, the RBI increased the limit of e-mandates on cards for recurring payments from INR 5000 to INR 15,000. RBI’s regulations on e-mandates or recurring payments via cards came into effect last October.