For the third time in two years, the Reserve Bank of India will try to get merchant, card companies and banks to implement a new set of rules which restrict the storage of customer card data.
The rules, proposed in 2020, were to be implemented by June 2021 but were delayed first to December 2021 and then to June 30, 2022.
With the latest deadline just about a month away, merchants and payment industry representatives say the system is still far from ready. While some large firms like Apple may have implemented the new system, smaller merchants and their customers will struggle, said representatives of the payment industry that BQ Prime spoke with.
“Unfortunately, with a few weeks left until the data-purging deadline elapses, we observe that requisite backend infrastructure still isn’t ready, said the Merchant Payments Alliance of India, in a note posted on its website.
“While some progress on token generation/issuance has been made, token processing solutions are still at the development/early testing stage,” it said.
According to the MPAI, should the rules get implemented at this stage, merchants of all sizes will face business continuity issues.
As per the new rules, entities other than card issuers and card networks, which store a customer’s actual card data, must purge any data stored with them. Instead, the regulator has introduced a system of tokenisation, where tokens can be generated for individual cards and uses. These tokens can then be stored by merchants.
While some steps have been taken to popularise the use of tokens, it is scarcely enough, Vivan Sharan, secretary of MPAI told BQ Prime.