BENGALURU: The Reserve Bank of India (RBI) on Friday again extended the deadline for card tokenisation by another three months. From the earlier deadline of June 30, the central bank has extended the deadline to September 30, 2022, as the number of transactions processed using tokens is yet to gain traction across all categories of merchants.
Since every time when consumers make online transactions, actual card details are stored, the RBI issued Card-on-File Tokenisation order, under which all authorised card networks have to offer card tokenisation services, and merchants should delete customers’ card details by June 30. While large players have tokenised their customer card details, many small merchants have been struggling to meet the deadline.
The RBI said, “Industry stakeholders have highlighted some issues related to the implementation of the framework in respect of guest checkout transactions. These issues are being dealt with in consultation with the stakeholders, and to avoid disruption and inconvenience to cardholders, the Reserve Bank has today announced an extension of the said timeline to September 30, 2022.”
Earlier, the RBI mandated that after December 31, 2021, entities other than card networks and card issuers can’t store card data. The timeline was subsequently extended to June 30, 2022. Till now, nearly 19.5 crore tokens have been created, and creating tokens is voluntary for the cardholders. Those who do not wish to create a token can continue to transact as before by entering card details manually at the time of undertaking the transaction, which is known as a guest checkout transaction.
On tokenisation, Prabhtej Singh Bhatia, co-founder of Falcon, a platform for embedded payments and card issuance, said UIDAI has shown successfully how Aadhaar tokenisation for authentication has helped curb misuse of Aadhaar numbers.