Just six days ahead of a rather tricky deadline, the Reserve Bank of India (RBI) has issued a reprieve. Albeit temporary.
The country’s banking regulator had decreed that by 30 June, all online merchants and payment processors had to stop storing customer card data. Instead, they would have to implement something called card tokenisation—the process of replacing information such as the debit card or credit card number with a surrogate alpha-numeric code called a token, generally issued by card networks such as Mastercard, Visa, and Rupay.
However, in two separate statements on the evening of 24 June, the RBI extended the deadline for both purging stored customer data and implementing card tokensation to 30 September. This is the third such deadline extension that the RBI has granted the new card information storage rules, first introduced in March 2020.
And it appears to be signalling a shift in the central bank’s thinking about the system’s preparedness.
Earlier this month, RBI’s deputy governor T Rabi Sankar had indicated that the regulator felt the system was adequately prepared for implementing card tokenisation. “The progress has been satisfactory. Over the last several months, our teams have been constantly discussing with all stakeholders… The system is by and large prepared,” Sankar said said Moneycontrol Ecosystem largely prepared to implement tokenisation, says RBI Dy Governor T Rabi Sankar Read more at the time.
But in its Friday statement, the RBI noted that while there has been “considerable progress” in generating card tokens, processing transactions using them is yet to fully take off. In addition, no alternate solution has been implemented for guest checkouts—a transaction where customers manually enter their card details instead of storing them with a merchant.
If the shift had been implemented as planned, it would have had a significant impact on the over 200 million online transactions that occur on credit and debit cards each month in India. As of May 2022, India had a total of ~1 billion outstanding credit and debit cards, according to RBI data.
The most significant impact, though, would have been on guest checkouts. According to estimates shared by executives with payment processors, such transactions account for between 50% to 60% of the overall volume.
“There are readiness problems with guest checkouts across the ecosystem,” a senior digital payments executive at a large bank told The Ken, a few hours before the RBI announced the extension. They added that while banks, payment processors, and card networks have been interacting with the regulator and each other on the issue, there’s no immediate solution on the horizon.