“On a review of the issues involved and after detailed discussion with all stakeholders, also taking into account that sufficient time has elapsed since the requirements were specified, there shall be no change in the effective date of implementation of the requirements – All entities, except card issuers and card networks, shall purge the CoF data before October 1, 2022,” the regulator said in a notification on its website.
It also said that any non-compliance would be considered for punitive action including imposition of trade sanctions.
The regulator has also put in place specific interim measures to facilitate ease of guest checkout transactions – where cardholders decide to manually enter card details at the time of transacting.
“other than the card issuer And this card network, the merchant or its payment aggregator (PA) involved in settlement of such transactions shall save the CoF data for a maximum period of T+4 days (“T” is the transaction date) or the settlement date, whichever is earlier. could. This data will be used only for settlement of such transactions, and thereafter should be purged,” it said.
To handle other post-transactional activities, the acquiring bank may continue to store CoF data till January 31, 2023.
As per the latest Reserve Bank of India order, all merchants will have to delete customer debit and credit card data on or before October 1 and convert card payments to unique tokens for all online, point-of-sale and in-app transactions. Will have to change
tokenization It is a process by which card details are replaced with a unique code or token, allowing online purchases to be made without exposing sensitive card details.