RBI extends card tokenisation deadline by 6 months until June-end

The Reserve Bank of India (RBI) on Thursday prolonged the card-on-file (CoF) tokenisation deadline by six months to June 30, 2022, in view of varied representations acquired from trade our bodies.
Card-on-file, or CoF, refers to card info saved by fee gateway and retailers to course of future transactions.
The earlier deadline was December 31, 2021.
“In light of various representations received in this regard, we advise…the timeline for storing of CoF data is extended by six months, ie., till June 30, 2022 and post this, such data shall be purged,” RBI mentioned in a notification addressed to all fee system suppliers and fee system individuals.
In addition to tokenisation, it mentioned, “Industry stakeholders may devise alternate mechanism(s) to handle any use case (including recurring e-mandates, EMI option, etc.) or post-transaction activity (including chargeback handling, dispute resolution, reward/ loyalty programme, etc.) that currently involves/requires storage of CoF data by entities other than card issuers and card networks.”

Under tokenisation companies, a novel alternate code is generated to facilitate transactions by means of playing cards.
The RBI in September prohibited retailers from storing buyer card particulars on their servers with impact from January 1, 2022, and mandated the adoption of CoF tokenisation as a substitute for card storage.
Citing a number of operational challenges, trade associations ? Merchant Payments Alliance of India (MPAI) and Alliance of Digital India Foundation (ADIF) ? had requested the RBI to increase the December 31 deadline for implementation of norms associated to tokenisation of card transactions.MPAI is a consortium of retailers who settle for digital funds and counts Microsoft, Netflix, Spotify, Zoom, BookMyShow, Disney+Hotstar, Policybazaar and Times Internet amongst its members.
Alliance of Digital India Foundation (ADIF) is a think-tank for digital start-ups, whose members embrace Paytm, Matrimony.com, GOQii and MapmyIndia.
Citing the comfort and luxury issue for customers whereas endeavor card transactions on-line, many entities concerned within the card fee transaction chain retailer precise card particulars.
Some retailers pressure their prospects for storing card particulars.
Availability of such particulars with numerous retailers considerably will increase the danger of card knowledge being stolen. In the latest previous, there have been incidents the place card knowledge saved by some retailers have been compromised/ leaked.
Any leakage of CoF knowledge can have critical repercussions as a result of many jurisdictions don’t require an AFA for card transactions, the RBI mentioned including that stolen card knowledge may also be used to perpetrate frauds inside India by means of social engineering methods.
The RBI had in March 2020 had stipulated that authorised fee aggregators and the retailers onboarded by them mustn’t retailer precise card knowledge with a view to minimise weak factors within the system. On a request from the trade, it prolonged the deadline to end-December 2021 as a one-time measure.
The tokenisation of card knowledge, nevertheless, shall be finished with specific buyer consent requiring AFA, the RBI had mentioned.