Merchants, companies can’t store card data from Jan 1: RBI

What is the News?

Reserve Bank of India(RBI) has directed that no entity or merchant, other than card issuers and card networks, should store card details — or card-on-file (CoF) — from January 1, 2022. Simultaneously, it has also extended the tokenisation of CoF by card issuers.

Reasons for RBI’s Ban on Storing card data

The merchants, payments aggregators, and even payment gateway players who get to store the card data are not registered with the RBI

Hence, the objective of the RBI’s decision is to create a better security framework for digital transactions, which have accelerated post the pandemic.

What is the solution then?

RBI has permitted authorised card networks to offer card tokenization services to any token requestor. This will make the card transactions more safe, secure and convenient for the users. 

Read more: RBI permits card-tokenization services in a bid to make card transactions more safe
RBI’s Guidelines on Tokenization

The facility of tokenisation will be offered by the token service providers(TSPs) only for the cards issued by or affiliated with them.

Tokenization of card data shall be done with explicit customer consent, requiring additional factor authentication by the card issuer.

What is a Card on File(CoF) Transaction?

Card on File(CoF) Transaction is a transaction where a cardholder has authorised a merchant to store the cardholder’s Mastercard or Visa payment details.

Source: This post is based on the article Merchants, companies can’t store card data from Jan 1: RBI published in Indian Express on 8th September 2021.

Print Friendly and PDF