Circular on ‘Processing’ E-mail On the Card for Recurring Transactions’ (Recurring Payments) came into force on 1st October, 2021. RBI would have noted that many stakeholders in the ecosystem were not prepared by this deadline. As a result, a large number of e-mandates for recurring payments have failed since October, causing huge inconvenience to consumers and merchants.
A similar fate awaits them, such as the circular on ‘Card Transactions: Permit Card-on-File’ tokenization (COFT) services’ (tokenization), in case of possible delay in operation COFT Card-based digital payments by stakeholders involved in the value chain. This is also likely to adversely affect the government’s vision of a digital and cashless India.
Citing concerns over risks of card data theft or compromise or leaks, the tokenization circular, dated September 7, 2021, read along with ‘Guidelines on Regulation of Payment Aggregators and Payment Gateways’, prohibits merchants from saving card details of consumers. withholds, from January 1, 2022, and mandates COFT instead. Further, the circular instructs merchants to rectify the card details currently saved with them by this date.
While RBI should be commended for its visionary stance to make COFTs mandatory in the interest of promoting safe and secure digital payments for consumers, implementation challenges exist, which can lead to unintended adverse consequences for consumers and merchants.
The circular does not lay down technical time limits for card issuers (banks) and card networks to conduct COFTs. Instead, it sets a functional time limit for merchants to stop saving card details, and also purge the card details already saved with them.
In effect, it leaves merchants and their consumers at the mercy of banks and card networks to operate COFTs by the time limit, otherwise merchants will be able to process card-based digital payments of consumers through pre-saved cards. Won’t happen. As a result, end consumers may be forced to re-enter their complete card details every time a digital transaction is made. Alternatively, they will have to migrate to other modes of payment. This is likely to cause significant inconvenience to end consumers, lead to greater distrust in the digital economy, and prompt them to switch back to the cash economy.
In addition, new-to-digital consumers, especially illiterate consumers, senior citizens and persons with disabilities, may face additional difficulties in entering full card details for each transaction, leading to intermediary and third-party fraud. become hypersensitive. Consumers interacting with foreign merchants such as freelancers, researchers and consultants may also face additional challenges.
As RBI would already know, the conduct of COFT is a gradual process. First the card networks and banks need to independently acquire relevant systems internally, integrate with each other and later access payment aggregators and payment gateways. Final integration with merchants is followed by testing, determination and improvement of the token solution.
The process is likely to take time, especially in light of the lack of technical timelines for the first phase, i.e. for banks and card networks. However, the RBI has given less than four months to be fully effective. digital paymentEcosystem for operation of COFT.
While some cards claim to be network ready or launch a CoFT, the larger digital payments ecosystem may need more time to implement this, which is likely to exceed the end-December 2021 deadline.
We acknowledge that RBI has argued that the introduction of COFT will improve card data security, and continue to provide the same convenience to consumers. However, this is probably based on a timely and complete implementation of the token, which doesn’t seem to be the case.
As seen in the case of recurring payments, end consumers and merchants may bear the brunt of non-implementation by banks and others in the ecosystem. In particular, it was warned in the last open letter available
Here,
Accordingly, taking into account the complex interplay of interdependencies in implementing tokenization, we urge RBI to work closely with all stakeholders, to ensure a consumer-friendly digital experience, which is consistent with RBI’s ‘inclusive’ and be in line with the vision of ‘equitable’ development.
In this light, the Consumer Unity and Trust Society (CUTS) has recommended to RBI to first set a time frame for banks, card networks as well as payment gateways and aggregators for full implementation of COFT. RBI may adopt a carrot and stick approach with such stakeholders to ensure timely compliance. Working closely with them during this period will help them understand the compliance challenges they face and take steps to mitigate them.
Once RBI is satisfied with such successful implementation, it may provide merchants with a reasonable time to implement COFT, and subsequently require them to purge the card details currently saved with them . In order to ensure that there is no disruption to card-based digital payments, it will be mandatory for the RBI to conduct inclusive consultations with other stakeholders on the diverging system, capacity and capabilities, as well as other stakeholders. Unlike the case of failure of recurring payments.
It must be reiterated that many of the unintended adverse consequences discussed above can be avoided or minimized by conducting pre-circular consultations with consumer groups and other stakeholders regarding tokenization as well as recurring payments. Adopting a scientific regulation making process by conducting cost-benefit analysis will also help in this regard.
CUTS is keen to work with the RBI to this effect, and is currently conducting a consumer survey to bring out their perspective on card-based digital payments. We will soon share its findings and related recommendations with RBI, which will help us collectively maintain consumer confidence in card-based digital payments.
The author is the Secretary General of Cuts International. Siddharth Narayan, policy analyst at Cutts International contributed to the article.