New Delhi: Merchant Payments Alliance of India (MPAI) and Alliance of Digital India Foundation (ADIF) on Wednesday urged the Reserve Bank of India (RBI) to extend the deadline for card-on-file (COF) tokens for merchants till December 31.
Citing several operational challenges that would hinder the transition to a token-based payments ecosystem, industry bodies expressed their concern over the readiness of the industry to respond to the RBI directive on card-on-file tokenization.
MPAI and ADIF stated that ‘ecosystem readiness’ is a gradual process of going live with stable API (Application Programming Interface) documentation for token transactions.
The digital payments ecosystem is a long way from consumer-ready solutions and unless regulated entities comply, merchants will not be able to successfully process token transactions, they said in the joint letter.
“In the scenario that banks are lax in preparedness, this will result in loss of revenue to traders – we are looking at at least a revenue deficit of anywhere between 20-40 per cent, should that be the case.” ADIF Executive Director Sijo Kuruvilla George said.
RBI in September prohibited merchants from storing customer card details on its servers with effect from January 01, 2022, and mandated the adoption of COF tokens as an alternative to card storage.
Industry bodies said that if implemented in the current state of readiness, the new RBI mandate could lead to major disruption and loss of revenue, especially for traders.
Governing President Vishal Mehta said, “This preparation will also profoundly impact recent digital payments adopters. The frequency and intensity of phishing attempts will cause complete card details to be entered for each transaction, leading to irreversible fraudulent transactions.” There will be a significant increase.” Council, MPAI.
Based on the set of guidelines mandated by RBI, sensitive customer information is to be stored in the form of encrypted ‘tokens’ to help in secure transactions.
These tokens then allow payments to be processed without disclosing customer details or allowing payment intermediaries to store customer data that could breach security and privacy.
,