The Reserve Bank of India (RBI) on Thursday extended the deadline to comply with new card storage rules by another six months till 30th June 2022, following requests from industry bodies and other stakeholders.
“In light of various representations received in this regard, we advise…the timeline for storing of a card on file (CoF) data is extended by six months till June 30, 2022; post this, such data shall be purged,” The circular said.
“In addition to tokenisation, industry stakeholders may devise alternate mechanism(s) to handle any use case (including recurring e-mandates, EMI option, etc.) or post-transaction activity (including chargeback handling, dispute resolution, reward/loyalty programme, etc.) that currently involves/requires the storage of CoF data by entities other than card issuers and card networks,” it added.
The tokenisation solution will essentially replace all the debit and credit card information of a cardholder with a randomly generated number called a “token”. An OTP-based two-factor authentication method along with cryptograms unique to each transaction will be used so that the same token cannot be used on other merchant platforms. Click below to know more about ‘what is tokenized card transaction’
In March 2020, RBI had issued ‘Guidelines for regulation of payment aggregators and payment gateways’, prohibiting payment aggregators and merchants to store customer card credentials within their database or server from 30 June 2021. Later in March this year, the regulator extended the deadline by six months to 31 December 2021. RBI also issued circular dated September 07, 2021, on regulations on CoF of tokenization (CoFT) permitting Card-on-File Tokenisation (CoFT) Services”.
