ADVERTISEMENT

RBI Blinks Again On Card Data Storage Norms

The central bank extended the deadline for card data storage norms by six months.

<div class="paragraphs"><p>Vehicles travel past the Reserve Bank of India (RBI) headquarters building during a lockdown in Mumbai. (Photographer: Dhiraj Singh/Bloomberg)</p></div>
Vehicles travel past the Reserve Bank of India (RBI) headquarters building during a lockdown in Mumbai. (Photographer: Dhiraj Singh/Bloomberg)

The Reserve Bank of India on Thursday extended the deadline for digital payment entities to purge customer card data from their servers for the second time, ending weeks of uncertainty.

Entities other than card issuers and card networks, which store a customer's actual card data, now have time till June 30, 2022, before they must purge it. The earlier deadline was Dec. 31, 2021.

The regulator also asked industry stakeholders to devise alternative mechanisms, apart from card tokenisation, to ensure that recurring card-based transactions can be supported by payment companies and merchants, without storing actual card data.

In March 2020, the RBI had introduced the guidelines for storage of card data by various entities. At the time, the regulator had set a June 30, 2021, deadline, after which all card data with entities other than card issuers and card networks would be purged.

"At the request of industry stakeholders, this timeline was extended to Dec. 31, 2021," the RBI had then said.

The second extension was brought up after various industry bodies asked for it. On Dec. 9, the National Association for Software and Service Companies wrote to the RBI seeking an extension on the implementation deadline stating that most digital payments industry was reeling under the implementation of the regulator's guidelines on e-mandates which came into effect on Oct. 1.

Separately, the Merchant Payments Alliance of India and Alliance of Digital India Foundation also wrote to the regulator this week, seeking an extension of the deadline by six months. They had asked the regulator to keep implementation of the guidelines on hold till all relevant stakeholders such as banks, card networks, payment gateways and merchants were ready and adequate customer awareness was achieved.

“Disruptions of this nature erode trust in digital payments and reverses consumer habits back towards cash-based payments,” MPAI and ADIF had said in their letter.