NEW DELHI: The Reserve Bank of India extended the deadline by six months, for merchants and other relevant stakeholders, for storing Card on File (CoF) data, i.e., till June 30, 2022; post which such data shall have to be purged. 

Pradeep Mehta, Secretary-General, Consumer Unity & Trust Society (CUTS), welcomed the move and thanked the RBI for listening to requests made by CUTS in this regard.

However, Mehta claimed that this is just half a battle won by consumers. He expressed his keenness to work closely with the RBI in the coming six months, to ensure that CoF tokenization is operationalised in consumer interest, and promptly. In this regard, generating awareness and building the capacity of consumers, issuing FAQs on tokenisation, and publishing the status of ecosystem readiness will be key.

He also stressed the need for inclusive stakeholder consultation and evidence-based regulation-making as a way forward. Particularly, issuing a whitepaper before a proposed regulatory change, and comprehensive engagements with consumers will be critical to prevent unintended consequences. 

Citing the findings of a recent pan-India consumer survey conducted by CUTS, Mehta noted that a substantial number of consumers would have faced inconvenience in making card-based online payments, in case the deadline was not extended. This had the potential to force them to shift to other modes of payment, including cash on delivery, which could have dented the government’s vision of a digital and cashless India. 

Notably, Mehta had also written an open letter to the RBI, requesting them to extend the CoF data storage deadline, in light of the lack of digital payments ecosystem readiness to implement CoF tokenisation, as an alternative to storing CoF data. The open letter is available online ‘Dear RBI, don’t penalise consumers and merchants for non-compliance by other stakeholders’.

It is to be noted that the RBI’s circular ‘Tokenisation – Card Transactions: Permitting Card-on-File Tokenisation (CoFT) Services’, dated September 7, 2021, read with the ‘Guidelines on Regulation of Payment Aggregators and Payment Gateways’, dated March 17, 2020, had barred merchants from storing consumers’ CoFdata, w.e.f. January 1, 2022, and instead permittedCoF tokenisation. Furthermore, merchants were required to purge the CoF data currently stored with them by the date.

Mehta had earlier lauded the visionary stance of the RBI in permitting CoFT in the interest of promoting safe and secure digital payments for consumers but had also cautioned against various implementation challenges being faced by merchants, which were likely to delay operationalizing CoF tokenization.