This follows a series of representations by several industry players and digital payment platforms that expected online transactions to be disrupted as of January 1, when the new rules were originally supposed to go into effect. According to the new guidelines, online gamers must delete all credit and debit card data stored on their platforms and replaced with tokens in order to secure the card data of consumers.
While most of the leading banks, including SBI, HDFC Bank, and ICICI Bank, are ready to make the switch, other stakeholders – mostly merchants – argue that the systems in their backend are not ready to adopt the new regime and have been more Time for new standards to be in place.
In expanding the policy, RBI said that in addition to tokenization, âindustry stakeholders can develop alternative mechanisms to handle any use case (including recurring e-mandates, EMI option, etc.) or post-transaction activities (including chargebacks) Processing, dispute resolution, rewards / loyalty program, etc.), which currently includes / requires the storage of CoF data by bodies other than card issuers and card networks. “
What is tokenization and why has the RBI issued new guidelines?
In September 2021, RBI banned merchants from storing customer card data on their servers with effect from January 1, 2022 and ordered the introduction of card-on-file tokenization (CoF) as an alternative to card storage. It applies to domestic online purchases.
Tokenization refers to the replacement of the actual credit and debit card details with an alternate code called a “token” that is unique to a combination of card, token requester, and device. A tokenized card transaction is considered more secure because the actual card data is not passed on to the merchant during the transaction processing. Customers without a tokenization function must enter their name, 16-digit card number, expiry date and CVV for every online order. This can be a hassle and degrade transaction value, especially when done through stored cards. If there are several cards, each must be provided with a token.
How big is the industry and what are the effects of new guidelines?
India has an estimated 100 crore debit and credit cards used for approximately 1.5 crore daily transactions valued at Rs 4,000 crore, according to data shared by participants in a CII seminar on the subject this week. The value of India’s digital payments industry over the 2020-21 period was Rs 22.214.171.124 billion, according to the RBI’s annual report.
“Digital payments have sparked and sustained economic growth, especially during the troubled times of the pandemic … While the RBI’s intent is to protect consumer interests, the challenge on the ground is to implement it,” according to the CII. Online merchants may lose up to 20-40% of their revenue after December 31 due to tokenization norms session on digital payments and the Indian media consumer organized by the Media and Entertainment Committee of the CII.
What is the impact on the consumer?
An estimated 5 million customers who have their card details stored for online transactions on various platforms could be affected if online gamers and retailers are unable to implement the changes in their backend. E-commerce platforms, online service providers and small retailers could be particularly affected. Equal monthly rates and subscription-based transactions that are paid for using stored cards must also be subject to new rules. With the latest expansion, RBI now expects the systems to be ready for a smooth start in six months.
While 90 percent of banks are ready for tokens on the Visa platform, Mastercard has yet to catch up. On July 14th of this year, the RBI banned Mastercard from issuing new cards because it had not met the data localization requirements. Even if the CoF conversion is carried out into a tokenized number, the system is not prepared to process the tokens because the merchants are not ready in the end.
Why did those involved want an extension?
Digital payment companies and merchant organizations had asked RBI for urgent action to extend the deadline for the implementation of the new standards for data storage for credit and debit cards or card-on-file tokenization (CoF). They wrote to the central bank that the new mandate, if implemented in the current readiness, could lead to major disruption and loss of revenue, especially for traders. “Disruptions like this are undermining trust in digital payments and returning consumer habits towards cash-based payments,” said the Merchant Payments Alliance of India (MPAI) and the Alliance of Digital India Foundation (ADIF) in a joint letter. According to industry circles, some banks had also written to RBI to extend the implementation of the new standards.
Newsletter | Click here for the best explainer of the day in your inbox
Industry sources argue that all stakeholders – banks, card systems, aggregators, gateways, processors, merchants, consumers, and the regulator – need to come together for a successful implementation of the standards, which requires time and preparation. Specifically, the change in RBI policy affects three main actors: banks, intermediary payment systems and merchants. Stakeholders sought a gradual implementation of the new mandate, a minimum timeframe of six months for merchants to meet the readiness of banks, card networks and payment aggregators / gateways.
What is the willingness of the banks?
While industry bodies in a letter to the Reserve Bank claimed that the RBI regulated companies were not prepared to comply in the absence of a tough mandate, banks say “they are on the matter” and traders may have some time left for that Need integration. HDFC Bank, ICICI and SBI Cards already have the card tokenization system for online transactions, while only a few players have device-based tokenization (SBI Cards with Samsung) for contactless NFC payments (Near Field Communication). Other banks have already started the process and many are done with the new system.
SBI Chairman Dinesh Khara recently said: âIt’s about integrating the systems between banks and retailers. As for the banks, they have started working on it. For our purposes, the operational part came in September. For dealers it may be that they need a little more time. “
According to a report by Emkay Global Financial Services, “Rather than developing your own token generation engine, using the payment network engine (Visa or Mastercard) will be far more cost-effective, technologically advanced and accepted by merchants.” Google announced on Tuesday the introduction of tokenization, which will allow Google Pay users to transact with their Mastercard credit and debit cards. Many banks such as SBI, HDFC and HSBC use Mastercard for transactions.
There are three steps to follow for a smooth implementation of tokenization. Token Provisioning: The consumer’s card number should be convertible into a token, ie the card networks must be equipped with the appropriate infrastructure.
Token processing: Consumers should be able to successfully complete their transaction using the token.
Scale-up for multiple use cases: the consumer should be able to use the token for things like refunds, EMIs, recurring payments, offers, promotions, guest checkouts, etc.