Think tank says card tokenisation deadline extension necessary

Chennai: As the deadline for Reserve Bank of India’s (RBI) new card storage guidelines nears, Dr. Aruna Sharma, former member, Digitisation Committee, RBl on Monday said that the deadline needed to be ‘reasonable’ and said that she felt that it needed to be extended till June 2023.

She said this while speaking at a virtual launch of the “Preparedness of the Payments Ecosystem to Implement CoF (Card-on File) and Tokenisation guidelines” report on Monday. The rules in question concern the RBI’s mandate to merchants to delete the customers card data, and put in place an alternative payment mechanism, i.e. card tokenisation.

In the report by think tank The Dialogue, the authors observed that an extension of the deadline at least till 31st December, 2022 was necessary as majority of the stakeholders recommended that this was essential for testing the solutions for different use cases and to test the scalability of the tokenisation solution. ET had reported earlier in June that industry bodies such as Nasscom, ADIF and Merchant Payments Alliance have raised concerns about the lack of data on the success rate of tokenisation and its impact on small businesses.

“Ecosystem readiness is at the core of the transition and a small extension of a reasonable time period would prove helpful,” the report stated. “Mandate to delete the CoF data needs to be delayed and it should be done only when the RBI is satisfied that the ecosystem can handle the existing levels of transactions with the same level of success rates. It needs to be ensured that all the stakeholders are at a similar level of preparedness.”

Dr Sharma on her part said that even the December 2022 deadline was not adequate. “It (the deadline) has to be extended at least by a year – till June 2023 – to be in complete readiness because with half-baked things, we have seen what has happened with the e-mandates.”

She went on to add that it was a two step process wherein one generates a token against the consumer card and processes the transaction against it. And this will not be done only for a one time purchase but all recurring payments for every EMI with every merchant.

Discover the stories of your interest

“From the consumer point of view, you will have to undergo this exercise of creating a token with every merchant that you are exercising with. It’s not like a one time thing you do on the card and you’re done. So in a sense it is a hassle. If they (a consumer) have completely forgotten and the instalment comes six months down the line and then they realize they have not tokenized it and therefore they missed out on doing the payment on time and therefore will have to face subsequent consequences because of this.”

She also highlighted the issues that come with guest checkouts wherein people chose how their payment is going to be processed and choose not to tokenize their card data.

“My fear is that these kinds of guest checkouts will very soon shift back to the cash economy,” Sharma said. “The RBI should allow card data storage and not go in a hurried way for the deletion of it till the readiness is complete. And the extension has to be at least for a year to be in complete readiness because of the fears of disruption that may happen into the entire economy.”

The report also speaks about a need for the RBI to come up with a phased implementation programme. It said that this would enable stakeholders to easily identify and resolve pain points.

“This would give them sufficient time to identify the issues, points of failure and to resolve concerns at an ecosystem level. For instance, we are witnessing that use cases such as guest checkouts, recurring payments etc. are facing issues. Further, scalability and transaction failures are also some of the pain points. These issues could be resolved through phased implementation of the mechanism, as the industry implements tokenisation,” the report stated.

Tokenization replaces a card’s 16-digit number with a unique alternate 16-digit random character token derived from a combination of card, token requestor merchant and device. Tokens can be used for online transactions, mobile point-of-sale transactions or in-app transactions.

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.