RBI extends the deadline for card tokenization by three months, to September 30

RBI on June 24 extended the deadline for card tokenization and storage of card data by an additional three months, to September 30, 2022

The Reserve Bank of India (RBI) on Friday (June 24) extended the deadline for card tokenization and storage of card data by an additional three months, to September 30, 2022, in response to demands from the industry.

The Reserve Bank of India (RBI) logo is displayed on a wall inside the Reserve Bank of India in New Delhi
Image Source: Getty Images

The RBI announced in a notification that the CoF (card-on-file) data storage period will be extended by three months, or until September 30, 2022, after which the data would be deleted. The directive was issued in accordance with several provisions of the Payment and Settlement Systems Act of 2007. The decision was made due to a lack of significant progress in token-based transaction processing.

The central bank noted that so far, "industry stakeholders have not created an alternative system in respect of transactions when cardholders choose to manually enter the card details at the time of undertaking the transaction (often referred to as "guest checkout transactions")." The RBI has extended the implementation of card transaction regulations three times. The deadline was initially pushed back from June 30 to December 30 and finally to July 1, 2022.

Tokenisation is the process of masking card information with a unique alternative code in order to prevent merchants from seeing the actual card information. Major card networks such as MasterCard, Visa, and RuPay will issue the tokens. Payment aggregators, merchants, and payment gateways are directed to delete customer card data stored with them under the standards. Tokenised card transactions, according to the central bank, are safer because the original card details are not shared with merchants while handling transactions.

The RBI stated on Friday that 'significant' progress had been made in terms of token creation. Many payment aggregators and other corporations have announced the use of token-based transactions. Other major providers, like Paytm, PhonePe, PayU, Razorpay, and Infibeam, have all adopted tokenisation technology.

Meanwhile, merchants remain opposed to the proposal, claiming negative consequences for their businesses. Many subscription-based fintech companies have stated that the transition will have an impact on their incoming revenue from customers who have not adopted tokenization. The RBI stated in its 'Payments Visions 2025' that it plans to more than triple the volume of digital transactions in the country by 2025.