The RBI said it has decided to extend the deadline for another three months due to lack of significant traction in processing of token-based transactions
Industry players had sought an extension, which were deferred twice earlier
Tokenisation refers to masking card details with an alternate code so that customers’ card details are not shared during transactions
“…it has been decided to extend the timeline for storing of CoF (card-on-file) data by three months, i.e., till September 30, 2022, after which such data shall be purged,” the RBI said in a notification.
The directive was issued under various sections of the Payment and Settlement Systems Act, 2007. The decision was taken due to a lack of significant traction in processing of token-based transactions.
“…an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transactions”) has not been implemented by the industry stakeholders, so far,” the central bank said.
This is the third time that the RBI has deferred the implementation of guidelines for card transactions. It was first postponed from June 30, 2021 to December 30, 2021 and then later to July 1, 2022.
What Is Card Tokenisation?
Tokenisation refers to masking card details with a unique alternate code to ensure that the actual card information is not shared with the merchants. The tokens will be issued by card networks such as Visa, MasterCard, RuPay.
Under the guidelines, payment aggregators, merchants and payment gateways will have to purge the customers’ card data stored with them.
According to the central bank, tokenised card transactions are safer as the actual card details are not shared with the merchants while processing transactions.
In its statement on Friday, the RBI noted that ‘considerable’ progress had been made in terms of token creation.
Many payment aggregators and other firms have announced that they have switched to token-based transactions. In December last year, Google partnered with Microsoft to adopt tokenisation. It had then assured its customers that the company would not collect user data.
Other major players such as PhonePe, Razorpay, PayU and Infibeam have also made a switch to the tokenisation system.
Meanwhile, merchants continue to oppose the move citing adverse impact on their businesses. Many subscription-based fintech players have said that the move will affect their incoming revenue from clients that have not moved to tokenisation.