RBI extends deadline for prohibiting card data storage to 30 June

New Delhi, 24 Dec (KNN) Amid demands from payments players and merchants the Reserve Bank of India (RBI) on Thursday extended the deadline for the switch to tokenisation of data for card-based transactions to June 30, 2022. The notification calls for customer card details stored by merchants and payment gateways to be purged as on June 30. 

Also, the notification said the industry players may devise alternative mechanisms to handle recurring e-mandates, dispute resolution or reward programmes which currently involve storage of CoF (card-on-file) data by entities other than card issuers and card networks.

The new system will not store the 16-digit card number and the expiry date when a digital transaction is being done on a website. The payment will be made through a process called tokenisation by which the card details are replaced by a unique code or token. This prevents the card details from being exposed and enhances data security. 

Only card issuers and card networks can store customer data. The original March 2020 notification prohibited payment aggregators and merchants on-boarded from storing card data (CoF) from June 30, 2021. Meanwhile, some large merchants have already asked their customers to move to the tokenisation framework.

According to media sources Mastercard and Google Pay have teamed up to offer tokenisation services for some apps allowing users to pay with their cards without having to share their credentials with a third party.