The Alliance of Digital India Foundation is hopeful of further consultation with the Reserve Bank of India on tokenisation of card data. “The move towards tokenisation and providing far better-secured solutions for customer transactions is a very positive one. Such measures that increase consumer trust and confidence will be beneficial for the growth of the industry in the long run,” said Sijo Kuruvilla George, Executive Director, ADIF.
He, however, said that ADIF has some concerns around ensuring infrastructure to seamlessly support recurring payments. “India’s standards for recurring payments are far more restrictive than what there are globally. Some players also have concerns in terms of business disruptions,” he contended.
ADIF, which is an alliance of over 350 digital start-ups in the country, also proposes considering alternatives such as independent vaulting service providers partnering with banks. “If that is encouraged, markets will stand to benefit more and companies can also seamlessly vault their existing cards for tokenisation with vaulting service providers,” George said, adding that data portability is also likely to be far more robust and scalable with third-party vaulting services.
The body has sent a representation to the RBI on these issues.
Also read: ‘Enabling legislation crucial to nurture a competitive ecosystem’
ADIF is also hoping that a three to six month extension for tokenisation guidelines to come into effect would be beneficial as it would help assuage concerns, improve understanding and aid in the integration efforts being seamless. “We are in a pandemic year and the industry is trying to figure out ways to get back to the office. We also have the festival season coming up in November and December,” George noted.
The RBI had in March 2020 stipulated that authorised payment aggregators and the merchants onboarded by them should not store actual card data.
It has already extended the deadline for tokenisation of card data, which will now come into effect from January 1, 2022.
It has also extended the device-based tokenisation framework to Card-on-File Tokenisation services as well. It had also extended the scope of tokenisation to laptops, desktops, wearables (wrist watches, bands, etc), Internet of Things (IoT) devices from the initial mobile phones and tablets.