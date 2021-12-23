



The Reserve Bank of India (RBI) extended the card-on-file (CoF) tokenization deadline by six months to June 30, 2022 on Thursday, taking into account various statements received from industry groups.

Card-on-file (CoF) refers to the card information stored by the payment gateway and merchant to process future transactions.

The previous deadline was December 31, 2021.

“In light of the various statements we received in this regard, we will extend the timeline for storing CoF data by 6 months, which means that we will extend it until June 30, 2022, and when we post this, such data will be It will be removed, “says RBI. Notifications addressed to all payment system providers and payment system participants.

In addition to tokenization, “industry stakeholders handle all use cases (including regular e-mandates, EMI options, etc.) or post-transaction activities (including chargeback processing, dispute resolution, rewards). Alternative mechanisms can be devised for this (such as loyalty programs) that currently include / require the storage of CoF data by entities other than card issuers and card networks. “

The tokenization service generates a unique alternative code to facilitate transactions through the card.

After January 1, 2022, the RBI in September banned merchants from storing customer card details on servers and mandated the adoption of CoF tokenization instead of card storage.

Would you like to quote some operational challenges, industry groups? Merchant Payments Alliance of India (MPAI) and Alliance of Digital India Foundation (ADIF)? Requested RBI to extend the deadline for the norms related to tokenization of card transactions to 31 December. MPAI is a consortium of merchants who accept digital payments and count Microsoft, Netflix, Spotify, Zoom, BookMyShow, Disney + Hotstar, Policybazaar and Times. Internet between members.

The Alliance of Digital India Foundation (ADIF) is a think tank for digital start-ups with Paytm, Matrimony.com, GOQii and Mapmy India as members.

Citing the elements of user convenience and comfort when conducting card transactions online, many entities involved in the card payment transaction chain store the actual card details.

Some sellers force customers to save card details.

The availability of such details at a large number of merchants greatly increases the risk of card data being stolen. Recently, there have been incidents in which card data stored by some member stores was leaked or leaked.

CoF data breaches can have serious implications, as card transactions do not require AFA in many jurisdictions. The stolen card data could also be used for fraud in India through social engineering techniques, RBI added.

The RBI stipulated in March 2020 that approved payment aggregators and participating merchants would not store actual card data in order to minimize vulnerable points in the system. rice field. At the request of the industry, the deadline has been extended to the end of December 2021 as a one-time measure.

However, RBI states that tokenization of card data must be done with the explicit consent of customers who require AFA.

