PremiumAccording to a notification published by the RBI in Sept, no entity in the card transaction or payment chain other than the card issuers and card networks can store data with effect from 1 January
| Listen to this article |
Payment companies in India have started offering solutions to help merchants speed up tokenization of card payments, in line with the central bank’s mandate, but they fear merchants may not be able to meet the deadline, causing disruption of services similar to the one seen in October when rules on recurring payments were enforced.
According to a notification published by the Reserve Bank of India (RBI) in September, no entity in the card transaction or payment chain other than the card issuers and card networks can store data with effect from 1 January. In addition, any such stored data have to be purged, RBI added.
Following the notification, Razorpay, PayU, PhonePe, Cred and the National Payments Council of India (NPCI) have launched solutions to help merchant partners to create and modify tokens for card payments.
On 2 November, PhonePe announced PhonePe SafeCard, a tokenized solution for card-based transactions. Likewise, on 28 October, PayU launched PayU Token Hub in collaboration with Wibmo to help businesses tokenize card details. Razorpay launched Razorpay Token HQ on 23 October and has been working with its partner merchants to ensure its entire base of 5 million users is ready to implement tokenization.
However, a lot more needs to be done, according to payment companies. India had 920 million debit cards and 65 million credit cards in use as of September 2021, according to RBI.
The central bank reasons that a tokenized card transaction is safer because the actual card details are not shared with the merchant during a transaction.
However, payment companies fear many merchants may not meet this deadline.
Harshil Mathur, chief executive and co-founder Razorpay, is concerned about the lack of awareness among merchants about the new mandate. “We are trying to make merchants aware that this rule is coming, and if you are saving cards, you need to tokenize them. A lot of merchants don’t understand how serious this is and still believe that RBI will extend the deadline, which may or may not happen," Mathur said.
Mathur believes that merchants have been given enough time to implement tokenization.
“Our solution has been built keeping in mind that RBI will not extend the deadline. Our solution is plug and play, and with all the testing, merchants can go live in a week. The only challenge is that the ecosystem needs to take it seriously," he added.
Some, however, said that the time left to implement tokenization at a pan-India level is too short.
Sijo Kuruvilla George, executive director of Alliance of Digital India Foundation, hopes the deadline will be extended by a few months to ensure that businesses have more options at their disposal and aren’t forced to hurry through the switch.
“Even if it is extended by three months, it will definitely serve as both a relief and a confidence-building measure," George said.
“When the window is small, larger players tend to be at an advantage. It is not about some companies adapting to the service, but rather about the majority of startups also being able to do so. It is important that every player is given a fair chance to complete their transitions properly and that it doesn’t turn into an access game," he elaborated.
Mathur, on his part, points out that tokenization may affect larger merchants and businesses more as compared to small merchants who typically do not save card details as they are not PCI-DSS (Payment Card Industry-Data Security Standard) compliant.
Manya Madan, the founder of B2B nutrition tech startup Zoconut, agrees that the tokenization process might not significantly impact small businesses.
“We are in the process of adhering to the 1 January deadline for adopting tokenization on our platform. However, I don’t believe that tokenization will help businesses encourage consumers to set up recurring payments with different platforms."
“While the logic behind the Reserve Bank’s move can be seen, it would have been a better idea for the regulators to have banks and card issuers adopt features that enhance safety and cut down on cyber frauds."
Never miss a story! Stay connected and informed with Mint. Download our App Now!!
