Card tokenisation: RBI unlikely to extend September 30 deadline
The Reserve Bank of India (RBI) is unlikely to extend tomorrow’s (September 30) deadline for tokenisation of credit and debit cards, according to a report.
On July 28, the RBI had said, “with effect from October 1, 2022, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store card-on-file (CoF) data, and any such data stored previously shall be purged.”
According to a Reuters report on Thursday (September 29), despite a demand by smaller merchants to delay the tokenisation date, there has been no indication so far by the central bank that there is likely to be an extension in deadline, three banking and merchant sources with knowledge of the matter said.
“The general sense is that banks, card networks and (bigger) merchants are better prepared and so the push from the ecosystem side for an extension has also not been massive and we haven’t received any indication to suggest an extension either. If it happens, it will be a surprise,” a banker with a large state-owned bank, told the news agency.
Appropriate penal action, including imposition of business restrictions, shall be considered by the RBI in case of any non-compliance, the central bank had said.
What is tokenisation?
Tokenisation refers to replacement of actual card details with an alternate code called the “token”, which shall be unique for a combination of card, token requestor (i.e. the entity which accepts request from the customer for tokenisation of a card and passes it on to the card network to issue a corresponding token) and device (referred hereafter as “identified device”).
You may have already noticed that your saved credit card details vanished from merchant sites such as Amazon. That is because these sites can no longer store your credit and debit card details, including number, name, expiry date, and code. A token will now replace these details, and the merchant websites will use those tokens for transactions.
The RBI’s card-on-file (CoF) tokenisation regulations were about to come into effect from July 1. However, in late June, the RBI extended the card tokenisation deadline by three months, until September 30, 2022. In July, it directed all stakeholders, barring card issuers and networks, to delete all customer data before October 1, 2022.