RBI came out with new rules in March last year to enhance the security of online transactions done using debit and credit cards.
the story So Far: The Reserve Bank of India (RBI) has extended the deadline given for online merchants and financial payment companies to December 23. Tokenization of card data Used for online transactions. Online merchants and financial payments companies have been lobbying the RBI to extend the deadline, saying they lack the necessary infrastructure to comply with the RBI order till December 31, 2021. Therefore, on Thursday, RBI decided to extend the deadline till June 30, 2022,
What is this?
RBI came out with new rules in March last year to enhance the security of online transactions done using debit and credit cards. It wanted to end the practice of online merchants storing card details of customers, which the central bank believed could lead to card misuse by fraudsters. However, storing card details on the merchant platform made it easier for customers to shop online. For example, customers often store their card data on sites like Amazon and Zomato. If this was not possible, customers would have to enter their card details every time they made a purchase.
Also read: Explained | Why has RBI barred Mastercard from issuing new cards in India?
To address this problem, RBI proposed that online merchants use token numbers instead of card data to store customers’ cards on its platform. In this way, RBI will ensure that sensitive details like card numbers are erased from merchant sites and replaced with random numbers. Once the card is tokenized, the card data will remain in the records of banks and card companies only.
What is the problem with the order of RBI?
Critics of the RBI order believe that online card transactions are already quite secure as customers are required to authenticate transactions through CVV, OTP and other means. Online traders have also been complaining about the time given by RBI to comply with their orders, which they believe is too short. They argue that this will affect their business as customers whose card details have been purged may refuse to go through the hassle of entering their card details every time they make a purchase.
Read also | RBI pushes for card security to merchants, lenders
Customers can also decide not to tokenize their cards and opt to switch to cash only or other forms of online payment that involve less hassle. Thus RBI may inadvertently turn customers away from using the card as a mode of payment. It should be noted that foreign card companies such as Visa and Mastercard have already complained that Indian authorities are supporting domestic payment methods such as UPI and RuPay through their policies.
It is difficult to decide whether RBI’s token policy is correct unless we find a way to weigh the costs and benefits of the policy against the costs and benefits of its alternatives. However, this is possible only when multiple private regulatory bodies are competing for business by offering different policies. Competition between regulatory regimes would then lead to a balance that properly balances the risks of card data storage (such as fraud) against the benefits (such as the ease of making repeated payments).
what lies ahead?
Companies are expected to comply with the RBI order roughly by the time frame next year. When the RBI first came up with the order to purge card data, it ordered companies to comply with its order till June 30, 2021, a deadline which was later extended to the end of 2021. With the extension of the deadline by six months, the RBI has extended its initial deadline by a year, which many believe is enough time to comply. With increasing regulatory burden on cards as a form of payment, which in turn increases the cost of using cards, we may see a shift away from cards and towards other forms of payment as well.
,