Card data storage: RBI relaxes rules for checkout on guest transactions
The Reserve Bank of India (RBI) has relaxed card-on-file data storage norms pertaining to guest transactions checkout, whereby now, apart from the card issuer and the card network, the merchant or its payment aggregator involved in the settlement of the transactions can save the data for a maximum of T+4 days or till the settlement date, whichever is earlier.
And, acquiring banks have been permitted to store the card-on-file data until January 2023 for handing other post-transactions activities.
The industry reached out to the RBI on the issue and sought a solution. In the e-commerce space, there is something called a guest account, which essentially means one does not need to log in and save their card (see box).
The RBI has, however, stuck to the deadline issued earlier wherein the all entities except card issuers and card networks, have to purge the card on file data before October 1, 2022.
Last month, the RBI extended the deadline for card-on-file tokenisation by another three months to September 30 as transaction processing based on these tokens were yet to gain traction across all categories of merchants. While the initial deadline was January 1, 2022, it was extended by another six months till July 1, 2022 and then again by another three months.
The RBI had said the extended time period should be utilised by the industry for facilitating all stakeholders to be ready for handling tokenised transactions and to implement an alternate mechanism to handle all post-transaction activities (including chargeback handling and settlement) related to guest checkout transactions, that involve/require storage of CoF data by entities other than card issuers and card networks. The regulator also asked the payment players to create public awareness about the process of creating tokens and using them to undertake transactions.
Tokenisation is the replacement of an actual or clear card number with an alternative code called the “token”. A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing. This will help cut the chances of card information leakage.
More than 200 million tokens have been created across networks since December 2021.
WHAT ARE GUEST CHECKOUT TRANSACTIONS
Guest checkout transactions are those where cardholders decide to enter card details manually at the time of undertaking the transaction. They just need to key in the 16-digit number and do the transaction. This would be a non-tokenized transaction. The complexity of the situation at the back end means that a proper technical solution will time, the industry had informed the central bank.
Comments are closed.